Hallelujah, someone finally answered. Thank you CompCav for coming to the rescue.
The site being out of order for a while freaked me out.
OTL new log
OTL logfile created on: 6/1/2013 03:53:18 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.55% Memory free
3.85 Gb Paging File | 3.76 Gb Available in Paging File | 97.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 8.86 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.28 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 55.36 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
Drive J: | 3.65 Gb Total Space | 3.15 Gb Free Space | 86.29% Space Free | Partition Type: FAT32
Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayrdvot1)
DRV - [2013/06/01 03:11:31 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/01 03:05:06 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: f:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] [2013/04/23 01:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/05/22 13:36:10 | 000,000,000 | ---D | M]
[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\
O1 HOSTS File: ([2013/05/17 20:08:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\RunOnce: [DeleteOnReboot] C:\WINDOWS\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2013/06/01 03:48:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 03:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/01 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/01 02:51:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 02:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\RK_Quarantine
[2013/06/01 02:30:28 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2013/06/01 02:23:47 | 000,037,888 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/29 01:19:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/28 16:41:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/27 14:23:20 | 000,079,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013/05/27 14:23:20 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2013/05/25 01:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Darksiders2
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Sun
[2013/05/22 14:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/05/22 14:14:42 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:42 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/22 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/22 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Sun
[2013/05/19 03:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/05/18 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\StreamTransport
[2013/05/10 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/05/10 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2013/05/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 Recorder Cutter
[2013/05/10 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Power Mp3 Recorder Cutter
[2013/05/05 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/05 20:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/05 20:12:42 | 000,581,464 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/05/05 20:12:42 | 000,067,928 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/05/03 22:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/05/03 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/05/03 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/05/03 16:41:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/03 16:19:54 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013/05/03 16:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/05/03 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover
[2013/05/03 13:30:28 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013/05/03 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 00:49:51 | 000,000,000 | ---D | C] -- C:\ComboFix_10
[2013/05/02 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Medical Dictionary
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 03:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 03:24:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/01 03:11:31 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/06/01 03:05:54 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/01 03:05:52 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/01 03:05:06 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/01 03:04:58 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/01 03:02:42 | 000,000,214 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/06/01 02:51:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 02:43:02 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/01 01:32:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/31 17:29:26 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
[2013/05/29 02:01:14 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/05/28 15:20:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/27 02:06:11 | 005,071,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_6.exe
[2013/05/26 20:01:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/05/22 14:14:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/21 00:59:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/19 03:31:22 | 000,002,072 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/18 16:45:13 | 001,933,948 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/18 13:19:16 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/05/17 20:08:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/17 11:29:02 | 003,123,421 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/15 14:29:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 12:28:01 | 000,505,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 12:28:01 | 000,087,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 12:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/12 15:31:50 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 20:44:32 | 000,002,009 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Alpha - Chrome.lnk
[2013/05/10 15:48:36 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:22:18 | 001,205,855 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:58:09 | 009,694,386 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/07 06:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 20:16:48 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:13:50 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/04 23:19:19 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:21:08 | 002,156,079 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/01 03:11:31 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/06/01 03:02:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/18 16:44:01 | 001,933,948 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/12 15:31:50 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 15:48:35 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:23:41 | 003,123,421 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/10 15:21:34 | 001,205,855 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:56:20 | 009,694,386 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:14:02 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:20:47 | 002,156,079 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/04/26 23:16:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/26 23:16:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/26 23:16:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/26 23:16:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/26 23:16:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/16 18:24:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/09 22:40:00 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
========== ZeroAccess Check ==========
[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/11/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/17 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2013/05/10 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/03/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/05/03 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/11/19 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2013/05/18 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/05/27 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/03/29 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2012/11/17 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2013/03/24 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Audacity
[2013/03/17 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\cald3
[2012/12/15 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\calibre
[2012/11/16 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DAEMON Tools
[2013/05/29 03:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DMCache
[2013/03/11 13:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Doublefine
[2013/04/12 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\FreeArc
[2013/05/29 01:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\IDM
[2013/04/13 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OmegaT
[2013/04/13 01:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OpenOffice.org
[2013/05/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2012/11/23 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Product_RM
[2012/11/23 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Registry Mechanic
[2013/06/01 03:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\uTorrent
[2012/11/16 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Desktop Search
[2012/11/16 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Search
[2012/11/17 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Zbshareware Lab
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 15:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (PlugPlay)
SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %SYSTEMDRIVE%\*.exe >
[2013/05/31 17:29:26 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SERVICES >
[2006/02/28 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2012/12/18 21:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\Services.exe
[2006/02/28 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SERVICES.EXE.VIR >
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Qoobox\Quarantine\C\WINDOWS\system32\Services.exe.vir
< MD5 for: SERVICES.LNK >
[2012/11/15 23:34:53 | 000,001,602 | ---- | M] () MD5=6B30FB4930D644D42DD124855D97924E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2006/02/28 14:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2006/02/28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006/02/28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F868-6FBE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:23 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 9,509,511,168 bytes free
< End of report >
OTL old extras log
OTL Extras logfile created on: 5/28/2013 4:46:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.85% Memory free
3.84 Gb Paging File | 2.97 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 0.80 Gb Free Space | 1.22% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.34 Gb Free Space | 6.34% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 64.70 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Program Files\Counter-Strike 1.6\hl.exe" = F:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{0830C2E8-01B9-4CD1-B218-12B0107D5BED}" = calibre
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Babylon" = Babylon
"Blueline_is1" = Blueline 1.1.1
"Counter-Strike 1.6" = Counter-Strike 1.6
"EasyLingoV1" = EasyLingo v2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fass" = Pawsoft Fass
"FormatFactory" = FormatFactory 3.0.1
"FreeArc" = FreeArc 0.666
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"OmegaT 2.6.3_is1" = OmegaT version 2.6.3
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v6.2
"QUICKfind" = QUICKfind server v1.1
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Sandboxie" = Sandboxie 3.74 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SpywareBlaster_is1" = SpywareBlaster 5.0
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/27/2013 4:34:42 PM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =
Error - 5/27/2013 8:01:25 PM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =
Error - 5/27/2013 8:38:45 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 5/27/2013 8:38:46 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.
Error - 5/27/2013 8:38:46 PM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =
Error - 5/28/2013 2:01:13 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =
Error - 5/28/2013 2:07:56 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 5/28/2013 2:07:57 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.
Error - 5/28/2013 2:07:57 AM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =
Error - 5/28/2013 8:01:21 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 5/28/2013 1:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error - 5/28/2013 2:07:58 AM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
Error - 5/28/2013 7:03:59 AM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 5/28/2013 7:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error - 5/28/2013 9:16:14 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/28/2013 9:17:11 AM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF kneps SASDIFSV SASKUTIL
Error - 5/28/2013 9:17:48 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 5/28/2013 9:40:31 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/28/2013 9:59:42 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
Error - 5/28/2013 9:59:42 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
< End of report >
Rogue Killer first log, since I deleted what I found; it produced 2 logs
# AdwCleaner v2.301 - Logfile created 06/01/2013 at 03:01:07
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Allaho akbar - ALLAHO-3FEA220E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Programs\AdwCleaner.exe
# Option [Search]
***** [Services] *****
Found : BCUService
***** [Files / Folders] *****
File Found : C:\Documents and Settings\All Users\Desktop\Babylon.lnk
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Application Data\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Program Files\DeviceVM
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\PIP
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v27.0.1453.94
File : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6047 octets] - [01/06/2013 03:01:07]
########## EOF - C:\AdwCleaner[R1].txt - [6107 octets] ##########
# AdwCleaner v2.301 - Logfile created 06/01/2013 at 03:01:58
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Allaho akbar - ALLAHO-3FEA220E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Programs\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : BCUService
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\All Users\Desktop\Babylon.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Babylon
Folder Deleted : C:\Documents and Settings\Allaho akbar\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Babylon
Folder Deleted : C:\Program Files\DeviceVM
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v27.0.1453.94
File : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6176 octets] - [01/06/2013 03:01:07]
AdwCleaner[S1].txt - [6252 octets] - [01/06/2013 03:01:58]
########## EOF - C:\AdwCleaner[S1].txt - [6312 octets] ##########
I promise I won't run anything without being told to do so first; however, I ran some programs like TDSS, Adw and Rogue Killer in normal mode.
When I deleted the files in Rogue Killer, I could not see desktop icons upon rebooting to normal mode.
TDSS log in normal mode
02:51:38.0609 0396 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:51:38.0828 0396 ============================================================
02:51:38.0828 0396 Current date / time: 2013/06/01 02:51:38.0828
02:51:38.0828 0396 SystemInfo:
02:51:38.0828 0396
02:51:38.0828 0396 OS Version: 5.1.2600 ServicePack: 3.0
02:51:38.0828 0396 Product type: Workstation
02:51:38.0828 0396 ComputerName: ALLAHO-3FEA220E
02:51:38.0828 0396 UserName: Allaho akbar
02:51:38.0828 0396 Windows directory: C:\WINDOWS
02:51:38.0828 0396 System windows directory: C:\WINDOWS
02:51:38.0828 0396 Processor architecture: Intel x86
02:51:38.0828 0396 Number of processors: 2
02:51:38.0828 0396 Page size: 0x1000
02:51:38.0828 0396 Boot type: Normal boot
02:51:38.0828 0396 ============================================================
02:51:39.0718 0396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:51:39.0718 0396 Drive \Device\Harddisk1\DR5 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:51:39.0718 0396 ============================================================
02:51:39.0718 0396 \Device\Harddisk0\DR0:
02:51:39.0718 0396 MBR partitions:
02:51:39.0718 0396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x839AFCF
02:51:39.0734 0396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x839B04D, BlocksNum 0xC803400
02:51:39.0750 0396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14B9E48C, BlocksNum 0x12C02EBF
02:51:39.0765 0396 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x277A138A, BlocksNum 0x12BE38B7
02:51:39.0765 0396 \Device\Harddisk1\DR5:
02:51:39.0765 0396 MBR partitions:
02:51:39.0765 0396 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x74E8C0
02:51:39.0765 0396 ============================================================
02:51:39.0843 0396 D: <-> \Device\Harddisk0\DR0\Partition2
02:51:39.0937 0396 E: <-> \Device\Harddisk0\DR0\Partition3
02:51:40.0031 0396 F: <-> \Device\Harddisk0\DR0\Partition4
02:51:40.0062 0396 C: <-> \Device\Harddisk0\DR0\Partition1
02:51:40.0062 0396 ============================================================
02:51:40.0062 0396 Initialize success
02:51:40.0062 0396 ============================================================
02:53:34.0750 3436 ============================================================
02:53:34.0750 3436 Scan started
02:53:34.0750 3436 Mode: Manual; SigCheck; TDLFS;
02:53:34.0750 3436 ============================================================
02:53:35.0968 3436 ================ Scan system memory ========================
02:53:35.0968 3436 System memory - ok
02:53:35.0968 3436 ================ Scan services =============================
02:53:36.0046 3436 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:53:36.0546 3436 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
02:53:36.0546 3436 !SASCORE - detected UnsignedFile.Multi.Generic (1)
02:53:36.0625 3436 Abiosdsk - ok
02:53:36.0625 3436 abp480n5 - ok
02:53:36.0656 3436 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:53:37.0015 3436 ACPI - ok
02:53:37.0062 3436 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:53:37.0156 3436 ACPIEC - ok
02:53:37.0218 3436 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:53:37.0218 3436 AdobeFlashPlayerUpdateSvc - ok
02:53:37.0234 3436 adpu160m - ok
02:53:37.0234 3436 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:53:37.0328 3436 aec - ok
02:53:37.0343 3436 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:53:37.0375 3436 AFD - ok
02:53:37.0375 3436 Aha154x - ok
02:53:37.0375 3436 aic78u2 - ok
02:53:37.0375 3436 aic78xx - ok
02:53:37.0406 3436 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:53:37.0484 3436 Alerter - ok
02:53:37.0500 3436 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
02:53:37.0546 3436 ALG - ok
02:53:37.0546 3436 AliIde - ok
02:53:37.0671 3436 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
02:53:37.0765 3436 Ambfilt - ok
02:53:37.0765 3436 amsint - ok
02:53:37.0781 3436 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:53:37.0828 3436 AppMgmt - ok
02:53:37.0828 3436 asc - ok
02:53:37.0843 3436 asc3350p - ok
02:53:37.0843 3436 asc3550 - ok
02:53:37.0921 3436 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:53:37.0937 3436 aspnet_state - ok
02:53:37.0953 3436 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:53:38.0031 3436 AsyncMac - ok
02:53:38.0046 3436 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:53:38.0140 3436 atapi - ok
02:53:38.0140 3436 Atdisk - ok
02:53:38.0156 3436 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:53:38.0234 3436 Atmarpc - ok
02:53:38.0265 3436 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:53:38.0328 3436 AudioSrv - ok
02:53:38.0359 3436 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:53:38.0437 3436 audstub - ok
02:53:38.0484 3436 [ 6FDDD18A650764A59302A018765E5521 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
02:53:38.0500 3436 AVP - ok
02:53:38.0546 3436 [ F29D375926E36E3A56AF4805C7749302 ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
02:53:38.0562 3436 BCUService - ok
02:53:38.0578 3436 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:53:38.0656 3436 Beep - ok
02:53:38.0687 3436 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
02:53:38.0781 3436 BITS - ok
02:53:38.0812 3436 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
02:53:38.0843 3436 Browser - ok
02:53:38.0937 3436 catchme - ok
02:53:38.0968 3436 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:53:39.0046 3436 cbidf2k - ok
02:53:39.0062 3436 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:53:39.0125 3436 CCDECODE - ok
02:53:39.0140 3436 cd20xrnt - ok
02:53:39.0156 3436 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:53:39.0218 3436 Cdaudio - ok
02:53:39.0234 3436 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:53:39.0312 3436 Cdfs - ok
02:53:39.0312 3436 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:53:39.0406 3436 Cdrom - ok
02:53:39.0406 3436 Changer - ok
02:53:39.0421 3436 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:53:39.0500 3436 CiSvc - ok
02:53:39.0515 3436 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:53:39.0593 3436 ClipSrv - ok
02:53:39.0625 3436 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:53:39.0625 3436 clr_optimization_v2.0.50727_32 - ok
02:53:39.0671 3436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:53:39.0687 3436 clr_optimization_v4.0.30319_32 - ok
02:53:39.0687 3436 CmdIde - ok
02:53:39.0703 3436 COMSysApp - ok
02:53:39.0703 3436 Cpqarray - ok
02:53:39.0718 3436 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:53:39.0796 3436 CryptSvc - ok
02:53:39.0796 3436 dac2w2k - ok
02:53:39.0812 3436 dac960nt - ok
02:53:39.0843 3436 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:53:39.0859 3436 DcomLaunch - ok
02:53:39.0890 3436 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:53:39.0968 3436 Dhcp - ok
02:53:39.0984 3436 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:53:40.0062 3436 Disk - ok
02:53:40.0078 3436 dmadmin - ok
02:53:40.0140 3436 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:53:40.0218 3436 dmboot - ok
02:53:40.0234 3436 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:53:40.0312 3436 dmio - ok
02:53:40.0312 3436 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:53:40.0390 3436 dmload - ok
02:53:40.0406 3436 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:53:40.0500 3436 dmserver - ok
02:53:40.0515 3436 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:53:40.0578 3436 DMusic - ok
02:53:40.0609 3436 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:53:40.0625 3436 Dnscache - ok
02:53:40.0656 3436 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:53:40.0734 3436 Dot3svc - ok
02:53:40.0734 3436 dpti2o - ok
02:53:40.0734 3436 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:53:40.0828 3436 drmkaud - ok
02:53:40.0859 3436 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:53:40.0937 3436 EapHost - ok
02:53:40.0953 3436 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:53:41.0031 3436 ERSvc - ok
02:53:41.0062 3436 [ 2C31DCAA88D269E13A935910DBB4CC61 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
02:53:41.0078 3436 ES lite Service - ok
02:53:41.0093 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
02:53:41.0109 3436 Eventlog - ok
02:53:41.0140 3436 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
02:53:41.0171 3436 EventSystem - ok
02:53:41.0187 3436 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:53:41.0265 3436 Fastfat - ok
02:53:41.0281 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:53:41.0328 3436 FastUserSwitchingCompatibility - ok
02:53:41.0328 3436 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:53:41.0406 3436 Fdc - ok
02:53:41.0406 3436 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:53:41.0484 3436 Fips - ok
02:53:41.0531 3436 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:53:41.0546 3436 FLEXnet Licensing Service - ok
02:53:41.0562 3436 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:53:41.0625 3436 Flpydisk - ok
02:53:41.0656 3436 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:53:41.0718 3436 FltMgr - ok
02:53:41.0765 3436 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:53:41.0781 3436 FontCache3.0.0.0 - ok
02:53:41.0781 3436 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:53:41.0859 3436 Fs_Rec - ok
02:53:41.0859 3436 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:53:41.0937 3436 Ftdisk - ok
02:53:41.0968 3436 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
02:53:41.0968 3436 gdrv - ok
02:53:42.0000 3436 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:53:42.0093 3436 Gpc - ok
02:53:42.0140 3436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:42.0140 3436 gupdate - ok
02:53:42.0156 3436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:42.0156 3436 gupdatem - ok
02:53:42.0171 3436 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:53:42.0234 3436 HDAudBus - ok
02:53:42.0296 3436 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:53:42.0375 3436 helpsvc - ok
02:53:42.0375 3436 HidServ - ok
02:53:42.0390 3436 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:53:42.0468 3436 HidUsb - ok
02:53:42.0484 3436 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:53:42.0562 3436 hkmsvc - ok
02:53:42.0578 3436 hpn - ok
02:53:42.0609 3436 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:53:42.0640 3436 HTTP - ok
02:53:42.0671 3436 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:53:42.0750 3436 HTTPFilter - ok
02:53:42.0750 3436 i2omgmt - ok
02:53:42.0750 3436 i2omp - ok
02:53:42.0750 3436 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:53:42.0828 3436 i8042prt - ok
02:53:42.0843 3436 [ 271B6EBCDC29723EE4CDF151C2037EDF ] IDMTDI C:\WINDOWS\system32\DRIVERS\idmtdi.sys
02:53:42.0843 3436 IDMTDI - ok
02:53:42.0906 3436 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:53:42.0937 3436 idsvc - ok
02:53:42.0937 3436 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:53:43.0015 3436 Imapi - ok
02:53:43.0031 3436 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
02:53:43.0125 3436 ImapiService - ok
02:53:43.0125 3436 ini910u - ok
02:53:43.0218 3436 [ A7564CC4E170F1E5B84BAE6BB8C5F16E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:53:43.0343 3436 IntcAzAudAddService - ok
02:53:43.0343 3436 IntelIde - ok
02:53:43.0359 3436 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:53:43.0437 3436 intelppm - ok
02:53:43.0453 3436 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:53:43.0546 3436 Ip6Fw - ok
02:53:43.0546 3436 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:53:43.0625 3436 IpFilterDriver - ok
02:53:43.0625 3436 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:53:43.0718 3436 IpInIp - ok
02:53:43.0718 3436 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:53:43.0796 3436 IpNat - ok
02:53:43.0796 3436 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:53:43.0875 3436 IPSec - ok
02:53:43.0890 3436 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:53:43.0953 3436 IRENUM - ok
02:53:43.0953 3436 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:53:44.0031 3436 isapnp - ok
02:53:44.0046 3436 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:53:44.0109 3436 Kbdclass - ok
02:53:44.0140 3436 [ 0C78F66259B312DA2A2B565659FD5EBF ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
02:53:44.0156 3436 KL1 - ok
02:53:44.0187 3436 [ B8FD2E8D24EBC01D7CEB888CA1F0CA58 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
02:53:44.0203 3436 KLIF - ok
02:53:44.0234 3436 [ 09BCB45E7AF12B82BB5B68BB599A6022 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
02:53:44.0234 3436 klim5 - ok
02:53:44.0250 3436 [ 862A0C212CFF3F2B0E8FB11C80037C0D ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
02:53:44.0250 3436 klkbdflt - ok
02:53:44.0265 3436 [ 2C88A8FEF90F6133842E267B40693D6F ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
02:53:44.0265 3436 klmouflt - ok
02:53:44.0281 3436 [ 378FD5C977D56D08AF4316F815B35FD6 ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
02:53:44.0281 3436 kltdi - ok
02:53:44.0296 3436 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:53:44.0375 3436 kmixer - ok
02:53:44.0375 3436 [ 1C488D4B7808D20C382A0D54F72DF01C ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
02:53:44.0390 3436 kneps - ok
02:53:44.0406 3436 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:53:44.0437 3436 KSecDD - ok
02:53:44.0468 3436 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:53:44.0484 3436 lanmanserver - ok
02:53:44.0515 3436 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:53:44.0562 3436 lanmanworkstation - ok
02:53:44.0562 3436 lbrtfdc - ok
02:53:44.0609 3436 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
02:53:44.0625 3436 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
02:53:44.0625 3436 LightScribeService - detected UnsignedFile.Multi.Generic (1)
02:53:44.0656 3436 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:53:44.0718 3436 LmHosts - ok
02:53:44.0750 3436 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:53:44.0828 3436 Messenger - ok
02:53:44.0890 3436 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:53:44.0890 3436 Microsoft Office Groove Audit Service - ok
02:53:44.0906 3436 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:53:44.0984 3436 mnmdd - ok
02:53:45.0000 3436 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:53:45.0093 3436 mnmsrvc - ok
02:53:45.0109 3436 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:53:45.0187 3436 Modem - ok
02:53:45.0281 3436 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
02:53:45.0312 3436 Monfilt - ok
02:53:45.0328 3436 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:53:45.0406 3436 Mouclass - ok
02:53:45.0406 3436 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:53:45.0484 3436 mouhid - ok
02:53:45.0500 3436 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:53:45.0578 3436 MountMgr - ok
02:53:45.0578 3436 mraid35x - ok
02:53:45.0578 3436 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:53:45.0656 3436 MRxDAV - ok
02:53:45.0687 3436 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:53:45.0734 3436 MRxSmb - ok
02:53:45.0734 3436 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:53:45.0812 3436 MSDTC - ok
02:53:45.0828 3436 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:53:45.0890 3436 Msfs - ok
02:53:45.0890 3436 MSIServer - ok
02:53:45.0906 3436 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:53:45.0984 3436 MSKSSRV - ok
02:53:46.0000 3436 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:53:46.0062 3436 MSPCLOCK - ok
02:53:46.0078 3436 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:53:46.0140 3436 MSPQM - ok
02:53:46.0156 3436 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:53:46.0218 3436 mssmbios - ok
02:53:46.0250 3436 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:53:46.0328 3436 MSTEE - ok
02:53:46.0343 3436 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:53:46.0375 3436 Mup - ok
02:53:46.0375 3436 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:53:46.0437 3436 NABTSFEC - ok
02:53:46.0468 3436 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:53:46.0546 3436 napagent - ok
02:53:46.0625 3436 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
02:53:46.0640 3436 NBService ( UnsignedFile.Multi.Generic ) - warning
02:53:46.0640 3436 NBService - detected UnsignedFile.Multi.Generic (1)
02:53:46.0656 3436 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:53:46.0718 3436 NDIS - ok
02:53:46.0750 3436 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:53:46.0828 3436 NdisIP - ok
02:53:46.0843 3436 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:53:46.0875 3436 NdisTapi - ok
02:53:46.0890 3436 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:53:46.0968 3436 Ndisuio - ok
02:53:46.0968 3436 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:53:47.0031 3436 NdisWan - ok
02:53:47.0062 3436 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:53:47.0078 3436 NDProxy - ok
02:53:47.0093 3436 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:53:47.0171 3436 NetBIOS - ok
02:53:47.0187 3436 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:53:47.0250 3436 NetBT - ok
02:53:47.0281 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:53:47.0359 3436 NetDDE - ok
02:53:47.0359 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:53:47.0421 3436 NetDDEdsdm - ok
02:53:47.0453 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:53:47.0531 3436 Netlogon - ok
02:53:47.0531 3436 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:53:47.0625 3436 Netman - ok
02:53:47.0640 3436 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:53:47.0640 3436 NetTcpPortSharing - ok
02:53:47.0656 3436 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
02:53:47.0671 3436 Nla - ok
02:53:47.0718 3436 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
02:53:47.0750 3436 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
02:53:47.0750 3436 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
02:53:47.0765 3436 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:53:47.0828 3436 Npfs - ok
02:53:47.0828 3436 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:53:47.0906 3436 Ntfs - ok
02:53:47.0906 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:53:47.0984 3436 NtLmSsp - ok
02:53:48.0000 3436 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:53:48.0078 3436 NtmsSvc - ok
02:53:48.0109 3436 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:53:48.0187 3436 Null - ok
02:53:48.0359 3436 [ 68B8C35782FFD20973524F748234B5A9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:53:48.0593 3436 nv - ok
02:53:48.0625 3436 [ FFD30DAAF62D605069F6EB42D2E807C3 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:53:48.0640 3436 NVSvc - ok
02:53:48.0703 3436 [ 210EE09CB9C2655E55BD48D851369DC1 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:53:48.0734 3436 nvUpdatusService - ok
02:53:48.0750 3436 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:53:48.0828 3436 NwlnkFlt - ok
02:53:48.0828 3436 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:53:48.0890 3436 NwlnkFwd - ok
02:53:48.0968 3436 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:53:48.0984 3436 odserv - ok
02:53:49.0015 3436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:53:49.0031 3436 ose - ok
02:53:49.0062 3436 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:53:49.0140 3436 Parport - ok
02:53:49.0140 3436 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:53:49.0218 3436 PartMgr - ok
02:53:49.0250 3436 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:53:49.0328 3436 ParVdm - ok
02:53:49.0343 3436 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:53:49.0406 3436 PCI - ok
02:53:49.0421 3436 PciCon - ok
02:53:49.0421 3436 PCIDump - ok
02:53:49.0437 3436 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:53:49.0515 3436 PCIIde - ok
02:53:49.0531 3436 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:53:49.0593 3436 Pcmcia - ok
02:53:49.0625 3436 [ 3E9CD8646EBF1C15438F9135796C02B7 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
02:53:49.0656 3436 PCToolsSSDMonitorSvc - ok
02:53:49.0656 3436 PDCOMP - ok
02:53:49.0656 3436 PDFRAME - ok
02:53:49.0656 3436 PDRELI - ok
02:53:49.0656 3436 PDRFRAME - ok
02:53:49.0671 3436 perc2 - ok
02:53:49.0671 3436 perc2hib - ok
02:53:49.0687 3436 pflt - ok
02:53:49.0687 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
02:53:49.0703 3436 PlugPlay - ok
02:53:49.0718 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:53:49.0781 3436 PolicyAgent - ok
02:53:49.0796 3436 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:53:49.0875 3436 PptpMiniport - ok
02:53:49.0875 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:53:49.0937 3436 ProtectedStorage - ok
02:53:49.0953 3436 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:53:50.0031 3436 PSched - ok
02:53:50.0031 3436 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:53:50.0109 3436 Ptilink - ok
02:53:50.0109 3436 ql1080 - ok
02:53:50.0109 3436 Ql10wnt - ok
02:53:50.0125 3436 ql12160 - ok
02:53:50.0125 3436 ql1240 - ok
02:53:50.0125 3436 ql1280 - ok
02:53:50.0140 3436 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:53:50.0203 3436 RasAcd - ok
02:53:50.0234 3436 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:53:50.0312 3436 RasAuto - ok
02:53:50.0328 3436 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:53:50.0390 3436 Rasl2tp - ok
02:53:50.0421 3436 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:53:50.0484 3436 RasMan - ok
02:53:50.0500 3436 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:53:50.0578 3436 RasPppoe - ok
02:53:50.0578 3436 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:53:50.0640 3436 Raspti - ok
02:53:50.0656 3436 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:53:50.0718 3436 Rdbss - ok
02:53:50.0734 3436 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:53:50.0812 3436 RDPCDD - ok
02:53:50.0828 3436 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:53:50.0890 3436 rdpdr - ok
02:53:50.0921 3436 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:53:50.0953 3436 RDPWD - ok
02:53:50.0968 3436 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:53:51.0046 3436 RDSessMgr - ok
02:53:51.0046 3436 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:53:51.0109 3436 redbook - ok
02:53:51.0140 3436 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:53:51.0203 3436 RemoteAccess - ok
02:53:51.0234 3436 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:53:51.0296 3436 RemoteRegistry - ok
02:53:51.0312 3436 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:53:51.0375 3436 RpcLocator - ok
02:53:51.0390 3436 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
02:53:51.0421 3436 RpcSs - ok
02:53:51.0437 3436 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:53:51.0515 3436 RSVP - ok
02:53:51.0531 3436 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
02:53:51.0578 3436 RTLE8023xp - ok
02:53:51.0578 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
02:53:51.0656 3436 SamSs - ok
02:53:51.0656 3436 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:53:51.0671 3436 SASDIFSV - ok
02:53:51.0687 3436 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:53:51.0703 3436 SASKUTIL - ok
02:53:51.0734 3436 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
02:53:51.0750 3436 SbieDrv - ok
02:53:51.0765 3436 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
02:53:51.0781 3436 SbieSvc - ok
02:53:51.0812 3436 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:53:51.0875 3436 SCardSvr - ok
02:53:51.0890 3436 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:53:51.0984 3436 Schedule - ok
02:53:51.0984 3436 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:53:52.0031 3436 Secdrv - ok
02:53:52.0031 3436 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
02:53:52.0109 3436 seclogon - ok
02:53:52.0140 3436 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
02:53:52.0218 3436 SENS - ok
02:53:52.0218 3436 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:53:52.0281 3436 serenum - ok
02:53:52.0296 3436 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:53:52.0359 3436 Serial - ok
02:53:52.0390 3436 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:53:52.0453 3436 Sfloppy - ok
02:53:52.0500 3436 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:53:52.0562 3436 SharedAccess - ok
02:53:52.0578 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:53:52.0593 3436 ShellHWDetection - ok
02:53:52.0593 3436 Simbad - ok
02:53:52.0703 3436 [ 0C1B2E3A897397738D9F81CD3D152AF0 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
02:53:52.0812 3436 Skype C2C Service - ok
02:53:52.0859 3436 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:53:52.0875 3436 SkypeUpdate - ok
02:53:52.0890 3436 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:53:52.0953 3436 SLIP - ok
02:53:52.0968 3436 Sparrow - ok
02:53:52.0984 3436 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:53:53.0062 3436 splitter - ok
02:53:53.0093 3436 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:53:53.0109 3436 Spooler - ok
02:53:53.0140 3436 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
02:53:53.0140 3436 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
02:53:53.0140 3436 sptd ( LockedFile.Multi.Generic ) - warning
02:53:53.0140 3436 sptd - detected LockedFile.Multi.Generic (1)
02:53:53.0156 3436 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:53:53.0203 3436 sr - ok
02:53:53.0234 3436 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
02:53:53.0265 3436 srservice - ok
02:53:53.0281 3436 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:53:53.0312 3436 Srv - ok
02:53:53.0328 3436 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:53:53.0390 3436 SSDPSRV - ok
02:53:53.0406 3436 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:53:53.0500 3436 stisvc - ok
02:53:53.0515 3436 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:53:53.0578 3436 streamip - ok
02:53:53.0593 3436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:53:53.0671 3436 swenum - ok
02:53:53.0687 3436 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:53:53.0750 3436 swmidi - ok
02:53:53.0765 3436 SwPrv - ok
02:53:53.0765 3436 symc810 - ok
02:53:53.0765 3436 symc8xx - ok
02:53:53.0781 3436 sym_hi - ok
02:53:53.0781 3436 sym_u3 - ok
02:53:53.0796 3436 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:53:53.0875 3436 sysaudio - ok
02:53:53.0875 3436 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:53:53.0937 3436 SysmonLog - ok
02:53:53.0984 3436 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
02:53:53.0984 3436 tap0901 ( UnsignedFile.Multi.Generic ) - warning
02:53:53.0984 3436 tap0901 - detected UnsignedFile.Multi.Generic (1)
02:53:54.0000 3436 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:53:54.0062 3436 TapiSrv - ok
02:53:54.0078 3436 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:53:54.0109 3436 Tcpip - ok
02:53:54.0125 3436 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:53:54.0203 3436 TDPIPE - ok
02:53:54.0218 3436 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:53:54.0281 3436 TDTCP - ok
02:53:54.0281 3436 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:53:54.0359 3436 TermDD - ok
02:53:54.0375 3436 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
02:53:54.0453 3436 TermService - ok
02:53:54.0468 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
02:53:54.0484 3436 Themes - ok
02:53:54.0515 3436 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:53:54.0546 3436 TlntSvr - ok
02:53:54.0546 3436 TosIde - ok
02:53:54.0562 3436 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:53:54.0625 3436 TrkWks - ok
02:53:54.0640 3436 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:53:54.0703 3436 Udfs - ok
02:53:54.0718 3436 ultra - ok
02:53:54.0750 3436 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:53:54.0812 3436 Update - ok
02:53:54.0828 3436 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:53:54.0859 3436 upnphost - ok
02:53:54.0875 3436 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
02:53:54.0937 3436 UPS - ok
02:53:54.0968 3436 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:53:55.0046 3436 usbccgp - ok
02:53:55.0062 3436 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:53:55.0125 3436 usbehci - ok
02:53:55.0156 3436 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:53:55.0234 3436 usbhub - ok
02:53:55.0265 3436 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:53:55.0328 3436 USBSTOR - ok
02:53:55.0343 3436 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:53:55.0406 3436 usbuhci - ok
02:53:55.0406 3436 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
02:53:55.0484 3436 usbvideo - ok
02:53:55.0500 3436 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:53:55.0578 3436 VgaSave - ok
02:53:55.0578 3436 ViaIde - ok
02:53:55.0578 3436 vnet - ok
02:53:55.0593 3436 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:53:55.0671 3436 VolSnap - ok
02:53:55.0687 3436 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
02:53:55.0718 3436 VSS - ok
02:53:55.0734 3436 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
02:53:55.0796 3436 W32Time - ok
02:53:55.0812 3436 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:53:55.0890 3436 Wanarp - ok
02:53:55.0906 3436 WDICA - ok
02:53:55.0906 3436 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:53:55.0984 3436 wdmaud - ok
02:53:56.0015 3436 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:53:56.0078 3436 WebClient - ok
02:53:56.0140 3436 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:53:56.0203 3436 winmgmt - ok
02:53:56.0234 3436 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
02:53:56.0281 3436 WinRM - ok
02:53:56.0296 3436 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
02:53:56.0343 3436 WmdmPmSN - ok
02:53:56.0359 3436 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
02:53:56.0390 3436 Wmi - ok
02:53:56.0421 3436 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:53:56.0500 3436 WmiApSrv - ok
02:53:56.0546 3436 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
02:53:56.0593 3436 WMPNetworkSvc - ok
02:53:56.0593 3436 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:53:56.0609 3436 WpdUsb - ok
02:53:56.0671 3436 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:53:56.0687 3436 WPFFontCache_v0400 - ok
02:53:56.0718 3436 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:53:56.0812 3436 WS2IFSL - ok
02:53:56.0828 3436 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:53:56.0906 3436 wscsvc - ok
02:53:56.0906 3436 WSearch - ok
02:53:56.0921 3436 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:53:56.0984 3436 WSTCODEC - ok
02:53:57.0000 3436 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
02:53:57.0062 3436 wuauserv - ok
02:53:57.0093 3436 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:53:57.0140 3436 WudfPf - ok
02:53:57.0140 3436 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:53:57.0156 3436 WudfRd - ok
02:53:57.0156 3436 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
02:53:57.0187 3436 WudfSvc - ok
02:53:57.0234 3436 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:53:57.0312 3436 WZCSVC - ok
02:53:57.0343 3436 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:53:57.0406 3436 xmlprov - ok
02:53:57.0453 3436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:53:57.0468 3436 YahooAUService - ok
02:53:57.0468 3436 ================ Scan global ===============================
02:53:57.0500 3436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:53:57.0531 3436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:53:57.0546 3436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:53:57.0546 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:53:57.0546 3436 [Global] - ok
02:53:57.0546 3436 ================ Scan MBR ==================================
02:53:57.0562 3436 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
02:53:57.0828 3436 \Device\Harddisk0\DR0 - ok
02:53:57.0828 3436 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR5
02:53:57.0953 3436 \Device\Harddisk1\DR5 - ok
02:53:57.0953 3436 ================ Scan VBR ==================================
02:53:57.0953 3436 [ 67C7282CF6517A5455C7A98143CF4379 ] \Device\Harddisk0\DR0\Partition1
02:53:57.0953 3436 \Device\Harddisk0\DR0\Partition1 - ok
02:53:57.0968 3436 [ C5F81E6065A3025467BC58240BF81871 ] \Device\Harddisk0\DR0\Partition2
02:53:57.0968 3436 \Device\Harddisk0\DR0\Partition2 - ok
02:53:57.0968 3436 [ BD08FDAFFFD074A8277B991966FFB91F ] \Device\Harddisk0\DR0\Partition3
02:53:57.0968 3436 \Device\Harddisk0\DR0\Partition3 - ok
02:53:57.0984 3436 [ B706D5009DE54601736CB863A96E295A ] \Device\Harddisk0\DR0\Partition4
02:53:57.0984 3436 \Device\Harddisk0\DR0\Partition4 - ok
02:53:58.0000 3436 [ 1660D0E1463C57731D8671751CB38D06 ] \Device\Harddisk1\DR5\Partition1
02:53:58.0000 3436 \Device\Harddisk1\DR5\Partition1 - ok
02:53:58.0000 3436 ============================================================
02:53:58.0000 3436 Scan finished
02:53:58.0000 3436 ============================================================
02:53:58.0109 1616 Detected object count: 6
02:53:58.0109 1616 Actual detected object count: 6
02:56:39.0718 1616 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Rogue killer logs
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Allaho akbar [Admin rights]
Mode : Scan -- Date : 06/01/2013 02:32:54
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB8774CA0)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB8774C00)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 +++++
--- User ---
[MBR] d34c580656262264258722c15e87e137
[BSP] 1709651ce1ef41903140425779a7e030 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 67381 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 137998350 | Size: 409555 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] cf786e02642c6f15da9b9bc8e3b78aab
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_06012013_02d0232.txt >>
RKreport[1]_S_06012013_02d0232.txt
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Allaho akbar [Admin rights]
Mode : Remove -- Date : 06/01/2013 02:46:16
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB8774CA0)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB8774C00)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 +++++
--- User ---
[MBR] d34c580656262264258722c15e87e137
[BSP] 1709651ce1ef41903140425779a7e030 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 67381 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 137998350 | Size: 409555 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] cf786e02642c6f15da9b9bc8e3b78aab
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_06012013_02d0246.txt >>
RKreport[1]_S_06012013_02d0232.txt ; RKreport[2]_D_06012013_02d0246.txt