Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan agent/ Gen-Zbot [Solved]


  • This topic is locked This topic is locked

#31
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
OTL logfile created on: 6/4/2013 03:47:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.41% Memory free
3.84 Gb Paging File | 2.65 Gb Available in Paging File | 69.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 19.67 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.28 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 39.56 Gb Free Space | 26.38% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/04 15:46:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTl.exe
PRC - [2013/06/03 02:33:13 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/05/23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/15 03:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/12 15:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/18 13:31:37 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/31 12:39:14 | 000,658,632 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/05/31 18:58:16 | 000,072,632 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
MOD - [2012/05/31 18:57:10 | 001,305,016 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2010/06/13 12:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/05/23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anhycy12)
DRV - [2013/06/04 15:29:27 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/05/25 17:00:12 | 000,115,912 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/06/03 02:31:10 | 000,000,000 | ---D | M]

[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.14_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2013/06/04 13:59:47 | 000,000,056 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H File not found
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1008..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 15:46:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTl.exe
[2013/06/04 02:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
[2013/06/04 02:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/04 02:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/04 02:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/04 01:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\call of juarez
[2013/06/04 01:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez
[2013/06/04 01:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez
[2013/06/04 01:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Tracing
[2013/06/04 01:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/06/04 01:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/06/04 01:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/06/04 01:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/06/04 01:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/04 01:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/06/04 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013/06/04 00:59:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/04 00:59:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/04 00:59:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/04 00:59:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/03 23:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\QuickScan
[2013/06/03 18:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\Tarkan - Olurum Sana 1997
[2013/06/02 22:18:04 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/06/02 22:18:04 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/06/02 21:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/06/02 17:41:49 | 015,668,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/06/02 17:41:49 | 000,223,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/06/02 17:41:49 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/06/02 17:41:49 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/06/02 17:40:59 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/06/02 17:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\NVIDIA
[2013/06/01 23:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/06/01 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/06/01 23:27:00 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/06/01 23:26:59 | 019,689,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/06/01 23:26:59 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/06/01 23:26:59 | 007,745,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/06/01 23:26:59 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/06/01 23:26:59 | 002,490,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/06/01 23:26:59 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/06/01 23:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez - Bound in Blood
[2013/06/01 23:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
[2013/06/01 17:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Malwarebytes
[2013/06/01 17:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/01 17:14:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/01 17:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/01 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\Call of Juarez - Bound in Blood
[2013/06/01 03:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/01 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/01 02:30:28 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/28 16:41:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/27 14:23:20 | 000,079,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013/05/27 14:23:20 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2013/05/25 01:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Darksiders2
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Sun
[2013/05/22 14:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/05/22 14:14:42 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:42 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/22 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/22 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Sun
[2013/05/19 03:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/05/18 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\StreamTransport
[2013/05/10 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/05/10 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2013/05/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 Recorder Cutter
[2013/05/10 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Power Mp3 Recorder Cutter
[2013/05/05 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/05 20:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/05 20:12:42 | 000,581,464 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/05/05 20:12:42 | 000,067,928 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys

========== Files - Modified Within 30 Days ==========

[2013/06/04 15:46:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTl.exe
[2013/06/04 15:43:00 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 15:43:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 15:35:58 | 000,001,490 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/04 15:29:40 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/04 15:29:38 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/04 15:29:27 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/04 15:29:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/04 14:24:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/04 14:02:08 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/06/04 13:59:47 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/04 02:47:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/04 01:40:38 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
[2013/06/04 01:03:45 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
[2013/06/04 00:46:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 22:18:39 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/02 22:18:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/02 22:18:35 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/02 18:10:53 | 000,527,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 18:10:53 | 000,096,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/02 17:41:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/02 13:17:31 | 000,003,908 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:31 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/01 23:41:06 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:21:16 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 20:01:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/06/01 17:14:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/01 15:50:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/01 01:32:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/25 17:00:12 | 000,115,912 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2013/05/22 14:14:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/21 00:59:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/19 03:31:22 | 000,002,072 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/18 16:45:13 | 001,933,948 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/18 13:19:16 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/05/17 11:29:02 | 003,123,421 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/15 12:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/12 15:31:50 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 20:44:32 | 000,002,009 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Alpha - Chrome.lnk
[2013/05/10 15:48:36 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:22:18 | 001,205,855 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:58:09 | 009,694,386 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/07 06:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 20:16:48 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:13:50 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk

========== Files Created - No Company Name ==========

[2013/06/04 02:47:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/04 01:40:38 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
[2013/06/04 01:03:45 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Start Menu\Programs\Update Checker.lnk
[2013/06/04 01:03:45 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
[2013/06/04 00:59:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/04 00:59:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/04 00:59:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/04 00:59:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/04 00:59:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/02 18:11:16 | 000,374,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/02 17:46:12 | 000,001,490 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/02 13:17:57 | 000,003,908 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:57 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/01 23:41:06 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:33:26 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/01 23:33:26 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/01 23:33:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/01 23:33:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/01 23:27:00 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/06/01 23:26:59 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/06/01 23:21:16 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 17:14:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/18 16:44:01 | 001,933,948 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/12 15:31:50 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 15:48:35 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:23:41 | 003,123,421 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/10 15:21:34 | 001,205,855 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:56:20 | 009,694,386 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:14:02 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/17 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2013/05/10 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/03/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/05/03 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/11/19 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2013/05/18 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/05/27 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/03/29 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2012/11/17 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2013/03/24 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Audacity
[2013/03/17 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\cald3
[2012/12/15 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\calibre
[2013/06/04 01:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez
[2013/06/01 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
[2012/11/16 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DAEMON Tools
[2013/06/04 15:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DMCache
[2013/03/11 13:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Doublefine
[2013/04/12 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\FreeArc
[2013/06/03 02:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\IDM
[2013/04/13 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OmegaT
[2013/04/13 01:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OpenOffice.org
[2013/05/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2012/11/23 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Product_RM
[2013/06/03 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\QuickScan
[2012/11/16 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Desktop Search
[2012/11/16 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Search
[2012/11/17 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Zbshareware Lab

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 15:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (PlugPlay)
SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs /s >
"Description" = Provides the endpoint mapper and other miscellaneous RPC services.
"DisplayName" = Remote Procedure Call (RPC)
"ErrorControl" = 1
"Group" = COM Infrastructure
"ImagePath" = %SystemRoot%\system32\svchost.exe -k rpcss -- [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT Authority\NetworkService
"Start" = 2
"Type" = 16
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 60 EA 00 00 [binary data]
"ServiceSidType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Parameters]
"ServiceDll" = %SystemRoot%\system32\rpcss.dll -- [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Security]
"Security" = 01 00 14 80 A8 00 00 00 B4 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 78 00 05 00 00 00 00 00 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 8D 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 14 00 9D 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 18 00 9D 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Enum]
"0" = Root\LEGACY_RPCSS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS /s >
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000]
"Service" = RpcSs -- [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"Legacy" = 1
"ConfigFlags" = 32
"Class" = LegacyDriver
"ClassGUID" = {8ECC055D-047F-11D1-A537-0000F8753ED1}
"DeviceDesc" = Remote Procedure Call (RPC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCSS\0000\Control]
"ActiveService" = RpcSs -- [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\*.exe >

< C:\windows\*. /RP /s >
[2012/11/15 23:33:14 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/11/15 23:37:34 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/11/17 11:25:34 | 000,000,838 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/17 11:25:34 | 000,000,842 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 13:36:51 | 000,000,300 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2012/11/28 19:47:17 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/12/14 13:00:47 | 000,000,292 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2012/12/15 19:56:51 | 000,001,004 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2012/12/15 19:56:51 | 000,001,026 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F868-6FBE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
06/02/2013 06:09 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
06/02/2013 06:10 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 21,079,822,336 bytes free

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >











OTL Extras logfile created on: 6/4/2013 03:47:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.41% Memory free
3.84 Gb Paging File | 2.65 Gb Available in Paging File | 69.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 19.67 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.28 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 39.56 Gb Free Space | 26.38% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Program Files\Counter-Strike 1.6\hl.exe" = F:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{0830C2E8-01B9-4CD1-B218-12B0107D5BED}" = calibre
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Blueline_is1" = Blueline 1.1.1
"Call of Juarez - Bound in Blood_is1" = Call of Juarez - Bound in Blood
"Call of Juarez_is1" = Call of Juarez
"Counter-Strike 1.6" = Counter-Strike 1.6
"EasyLingoV1" = EasyLingo v2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fass" = Pawsoft Fass
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 3.0.1
"FreeArc" = FreeArc 0.666
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"OmegaT 2.6.3_is1" = OmegaT version 2.6.3
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v6.2
"QUICKfind" = QUICKfind server v1.1
"RealPlayer 15.0" = RealPlayer
"Sandboxie" = Sandboxie 3.74 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"SpywareBlaster_is1" = SpywareBlaster 5.0
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"USB Disk Security_is1" = USB Disk Security
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2013 07:54:02 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/4/2013 07:54:03 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 6/4/2013 07:54:03 AM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 6/4/2013 08:02:07 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 6/4/2013 08:23:53 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/4/2013 08:23:53 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\MSI1ede8.LOG.

Error - 6/4/2013 08:33:52 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/4/2013 08:33:52 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\MSI3fcc1.LOG.

Error - 6/4/2013 08:58:39 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/4/2013 08:58:46 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\MSI3797a.LOG.

[ System Events ]
Error - 6/3/2013 06:29:22 PM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/3/2013 06:29:22 PM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/3/2013 06:40:21 PM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/3/2013 06:59:00 PM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/3/2013 08:21:42 PM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 6/3/2013 09:11:24 PM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 6/4/2013 04:49:46 AM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/4/2013 07:51:40 AM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/4/2013 07:59:11 AM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 6/4/2013 08:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >
  • 0

Advertisements


#32
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Please redo post #10 where you merge the reg file for RpcSs.reg only.



Step 2.

We want to make the hosts file protected.

Please try this utility below to accomplish this.

Download the HostsXpert 4.3 - Hosts File Manager.

  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from the folder you extracted it to
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Let me know how this works.
  • 0

#33
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Forbidden
You don't have permission to access /download/HostsXpert.zip on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


  • 0

#34
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
I cant even open that site
  • 0

#35
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try this link
  • 0

#36
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
done , thank you CompCav
  • 0

#37
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
We will need to get a baseline for the delays on startup.

So with it booting normally please do the following two steps.

Step 1.

Boot Logging

When you boot, press F8 to get into the boot menu.

There select "enable boot logging" , select normal XP windows, and try to boot your PC normally.

After it boots up then locate the file ntblog.txt in the windows directory and post it in your next reply.


Step 2.

Download and extract autoruns from this page onto your desktop.

Then run autoruns.

Make sure the Everything tab is showing then save the file autoruns.arn on your desktop. File > Save > autoruns check 1, it will save as an .arn file.
Please zip this file then attach it to your next post.



What I need from you:

  • Post ntblog.txt
  • Attach autoruns.arn file

  • 0

#38
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
NTLOG is too long for the site editor to post so I uploaded it as well

Attached Files


  • 0

#39
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please rerun autoruns and uncheck the following lines then reboot.


Google Chrome Google Chrome Google Inc. c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe 5/23/2013 3:13 AM

msnmsgr File not found: C:\Program Files\Windows Live\Messenger\msnmsgr.exe

BCSShellMenuExt Babylon Compressor Menu Extention Babylon Ltd. f:\program files\babylon\babylon-pro\utils\babylondoctranslationpi.dll 2/26/2013 3:55 PM

BCSShellMenuExt Babylon Compressor Menu Extention Babylon Ltd. f:\program files\babylon\babylon-pro\utils\babylondoctranslationpi.dll 2/26/2013 3:55 PM

FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job Facebook Installer Facebook Inc. c:\documents and settings\allaho akbar\local settings\application data\facebook\update\facebookupdate.exe 7/2/2012 11:07 PM

FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job Facebook Installer Facebook Inc. c:\documents and settings\allaho akbar\local settings\application data\facebook\update\facebookupdate.exe 7/2/2012 11:07 PM


Then see if it comes up faster.


Regards,

CompCav
  • 0

#40
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
It says "settings from loaded scans cannot be modified "
  • 0

Advertisements


#41
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Ok I managed to do it and there is no change
  • 0

#42
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
There are entries marked in pink in autoruns , what does that mean??
  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Just worth more investigation.
  • 0

#44
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
We need to get a fresh boot log. There are several drivers not loading on earlier boots (pre 06 04).
  • Please delete the ntblog.txt in your windows sub directory.
  • Then reboot tapping F8 to bring up advanced options.
  • Select Enable Bootlogging
  • Select your Windows XP
  • After it finishes booting please retrieve the new ntblog.txt from the windows subdirectory and post the contents in your next reply.

  • 0

#45
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
here is the file

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP