OTL logfile created on: 1/16/2010 12:01:36 PM - Run 1 OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Ahmad Ashraf Lukman\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 80.08 Gb Total Space | 6.72 Gb Free Space | 8.39% Space Free | Partition Type: NTFS Drive D: | 218.00 Gb Total Space | 130.72 Gb Free Space | 59.97% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DARKPIERROT Current User Name: Ahmad Ashraf Lukman Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/01/16 10:10:25 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\OTL.exe PRC - [2010/01/07 16:07:10 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/01/01 22:06:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/12/28 17:24:40 | 02,940,664 | ---- | M] (www.BitComet.com) -- D:\Program Files\BitComet\BitComet.exe PRC - [2009/11/25 21:58:59 | 03,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe PRC - [2009/11/20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009/10/15 17:51:51 | 00,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe PRC - [2009/08/26 08:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/08/03 13:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/29 16:07:54 | 01,033,448 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe PRC - [2009/07/28 18:36:02 | 00,231,992 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2009/07/24 10:32:50 | 01,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/07/23 10:30:06 | 00,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2009/07/22 17:58:46 | 00,017,976 | ---- | M] () -- C:\Program Files\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/07/14 09:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/07 11:20:56 | 08,493,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/05/18 15:58:38 | 00,305,720 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/23 21:24:44 | 00,178,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009/04/20 11:09:30 | 00,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2009/04/09 21:17:08 | 00,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe PRC - [2009/04/08 15:37:12 | 04,319,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OSPPSVC.EXE PRC - [2009/04/01 21:05:34 | 00,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008/12/22 17:15:34 | 00,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/13 20:59:52 | 00,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2008/08/13 16:21:56 | 02,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008/07/07 23:46:45 | 00,416,768 | ---- | M] (Stardock Corporation) -- D:\Program Files\Stardock\CursorFX\CursorFX.exe PRC - [2007/08/08 00:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2005/07/06 15:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/01/16 10:10:25 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\OTL.exe MOD - [2009/07/14 09:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/14 09:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/14 09:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/14 09:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/14 09:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/14 09:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/14 09:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/14 09:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/14 09:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/14 09:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009/07/14 09:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/01/01 00:34:16 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/11/20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2009/08/26 08:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/07/23 17:13:38 | 00,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\System32\Fast Boot\FastBootAgent.exe -- (FastBootAgent) SRV - [2009/07/14 09:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/14 09:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/14 09:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/14 09:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/14 09:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/14 09:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/14 09:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 09:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 09:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/14 09:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/14 09:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/14 09:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/14 09:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/14 09:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/14 09:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/14 09:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/14 09:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/14 09:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/14 09:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009/07/14 09:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/14 09:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009/04/25 18:18:48 | 33,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009/04/08 15:37:12 | 04,319,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\OSPPSVC.EXE -- (osppsvc) SRV - [2009/04/08 15:31:36 | 00,163,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008/08/13 20:59:52 | 00,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007/08/08 00:08:40 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007/08/03 12:24:54 | 00,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-my IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC A9 D8 5C F0 94 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [BitComet] D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O4 - HKCU..\Run: [CursorFX] D:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - Startup: C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk = C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\Microsoft\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &D&ownload &with BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\idmmbc.dll (Tonec Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.188.0.133 202.188.1.5 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - D:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 05:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /r \??\D:) - File not found O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 10:37:08 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [2010/01/16 10:10:25 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\OTL.exe [2010/01/16 10:08:40 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\TFC.exe [2010/01/16 08:54:37 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/01/16 08:49:50 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/01/16 08:26:57 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Users\Ahmad Ashraf Lukman\Desktop\TDSSKiller.exe [2010/01/15 01:20:41 | 00,000,000 | ---D | C] -- C:\Windows\temp [2010/01/14 17:12:01 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\temp [2010/01/14 15:56:55 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\Desktop\XDelBox [2010/01/10 17:13:06 | 00,000,000 | ---D | C] -- C:\Combo-Fix [2010/01/10 17:08:53 | 00,000,000 | ---D | C] -- C:\Windows\Minidump [2010/01/10 16:53:56 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/01/09 20:30:38 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\GPUMonitor [2010/01/07 20:51:29 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\Desktop\New folder [2010/01/07 10:35:55 | 00,000,000 | ---D | C] -- C:\Config.Msi [2010/01/07 10:34:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2010/01/07 10:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2010/01/07 10:34:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/01/07 10:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010/01/07 10:32:21 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010/01/07 10:32:15 | 00,000,000 | ---D | C] -- C:\NVIDIA [2010/01/05 18:59:39 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\Library [2010/01/05 18:59:39 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\com.adobe.ExMan [2010/01/04 22:10:03 | 00,000,000 | ---D | C] -- C:\Users\Ahmad Ashraf Lukman\Desktop\Biotechno [2010/01/02 18:49:35 | 00,000,000 | ---D | C] -- C:\Downloads [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2010/01/16 12:03:04 | 03,145,728 | -HS- | M] () -- C:\Users\Ahmad Ashraf Lukman\NTUSER.DAT [2010/01/16 11:52:27 | 00,022,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/16 11:52:27 | 00,022,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/16 11:51:37 | 00,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe [2010/01/16 11:51:18 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/01/16 11:51:18 | 00,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/01/16 11:51:18 | 00,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/01/16 11:47:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/16 11:46:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/16 11:46:39 | 28,179,98848 | -HS- | M] () -- C:\hiberfil.sys [2010/01/16 11:37:34 | 01,072,126 | -H-- | M] () -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\IconCache.db [2010/01/16 11:18:00 | 00,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-816264750-1808010721-2845045166-1000UA.job [2010/01/16 10:10:25 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\OTL.exe [2010/01/16 10:08:45 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmad Ashraf Lukman\Desktop\TFC.exe [2010/01/16 10:08:29 | 00,284,915 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\gmer.zip [2010/01/16 08:48:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/01/16 08:25:33 | 00,152,401 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\tdsskiller.zip [2010/01/15 23:44:54 | 04,143,931 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 formal.psd [2010/01/15 22:11:04 | 00,828,045 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 finale.jpg [2010/01/15 22:10:24 | 06,161,009 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 finale.psd [2010/01/15 00:57:07 | 00,000,678 | ---- | M] () -- C:\Windows\RegGenie.ini [2010/01/14 15:48:09 | 00,897,635 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\XDelBox.zip [2010/01/14 15:26:45 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-816264750-1808010721-2845045166-1000Core.job [2010/01/14 15:01:07 | 00,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2010/01/14 15:01:07 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2010/01/13 08:44:14 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Users\Ahmad Ashraf Lukman\Desktop\TDSSKiller.exe [2010/01/13 06:54:31 | 00,647,541 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\ptbnewlogo copy.png [2010/01/11 23:39:19 | 00,025,313 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Englsh project paper.docx [2010/01/11 07:33:36 | 00,036,864 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Tutorial Pharm Econ.doc [2010/01/11 00:30:58 | 00,040,960 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Englsh project paper.doc [2010/01/10 18:46:01 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\pgdfgsvc.exe [2010/01/10 01:24:19 | 00,022,087 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Tutorial Pharm Econ.docx [2010/01/08 07:08:26 | 02,575,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/01/08 02:19:40 | 00,134,120 | ---- | M] () -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\GDIPFONTCACHEV1.DAT [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/05 14:51:38 | 00,000,000 | -H-- | M] () -- C:\Users\Ahmad Ashraf Lukman\Documents\Default.rdp [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/01/16 10:22:20 | 00,293,376 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\gmer.exe [2010/01/16 10:08:25 | 00,284,915 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\gmer.zip [2010/01/16 08:25:40 | 00,152,401 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\tdsskiller.zip [2010/01/15 23:44:49 | 04,143,931 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 formal.psd [2010/01/15 21:09:21 | 00,828,045 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 finale.jpg [2010/01/15 21:09:07 | 06,161,009 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\T-shirt ptb50 finale.psd [2010/01/14 15:45:14 | 00,897,635 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\XDelBox.zip [2010/01/13 06:54:24 | 00,647,541 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\ptbnewlogo copy.png [2010/01/11 07:33:34 | 00,036,864 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Tutorial Pharm Econ.doc [2010/01/11 00:30:54 | 00,040,960 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Englsh project paper.doc [2010/01/10 16:54:02 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/01/10 16:54:02 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/01/09 16:13:10 | 00,022,087 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Tutorial Pharm Econ.docx [2010/01/08 23:44:58 | 00,025,313 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\Desktop\Englsh project paper.docx [2010/01/07 10:32:22 | 00,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2010/01/05 14:51:38 | 00,000,000 | -H-- | C] () -- C:\Users\Ahmad Ashraf Lukman\Documents\Default.rdp [2010/01/02 13:59:21 | 00,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2010/01/02 13:59:21 | 00,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2010/01/01 16:15:45 | 00,021,035 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\Perfmon.PerfmonCfg [2009/12/25 14:31:54 | 00,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/12/07 18:09:30 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2009/11/27 10:03:54 | 00,007,597 | ---- | C] () -- C:\Users\Ahmad Ashraf Lukman\AppData\Local\Resmon.ResmonCfg [2009/11/26 22:40:50 | 00,000,678 | ---- | C] () -- C:\Windows\RegGenie.ini [2009/11/10 22:43:48 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/11/10 22:16:19 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009/11/10 21:08:38 | 01,766,592 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009/11/10 21:08:38 | 00,035,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009/07/14 07:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 07:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/02/28 07:18:28 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll [color=#E56717]========== LOP Check ==========[/color] [2010/01/05 18:59:39 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\com.adobe.ExMan [2010/01/16 11:47:54 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\DMCache [2009/11/26 12:01:41 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\FFSJ [2009/11/24 14:58:26 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\GuiltyGearIsuka [2009/12/31 07:05:32 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\IDM [2009/11/10 22:50:08 | 00,000,000 | ---D | M] -- C:\Users\Ahmad Ashraf Lukman\AppData\Roaming\URSoft [2009/07/14 12:53:46 | 00,028,012 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 09:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/14 09:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 09:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 09:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 09:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/14 09:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 09:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 09:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/14 09:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/14 09:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 09:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2009/07/14 09:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 09:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 09:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2009/07/14 09:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009/07/14 09:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 09:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [color=#A23BEC]< MD5 for: NVRD32.SYS >[/color] [2009/10/21 17:58:46 | 00,139,296 | ---- | M] (NVIDIA Corporation) MD5=85CD20083368E4AEF24706E649722CE9 -- C:\Users\Ahmad Ashraf Lukman\My Documents\Windows 7 Asus K40IN Drivers\Chipset_nVidia_WIN7_32_1546\IDE\Win7\sataraid\nvrd32.sys [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009/07/14 09:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 09:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 09:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [color=#A23BEC]< MD5 for: NVSTOR32.SYS >[/color] [2009/10/21 17:58:46 | 00,212,000 | ---- | M] (NVIDIA Corporation) MD5=3A1A03FF72DF7114B35AE0FD6781464D -- C:\Users\Ahmad Ashraf Lukman\My Documents\Windows 7 Asus K40IN Drivers\Chipset_nVidia_WIN7_32_1546\IDE\Win7\sataraid\nvstor32.sys [2009/10/21 17:58:47 | 00,213,024 | ---- | M] (NVIDIA Corporation) MD5=9748F2BEE2100066571AE0651DB03513 -- C:\Users\Ahmad Ashraf Lukman\My Documents\Windows 7 Asus K40IN Drivers\Chipset_nVidia_WIN7_32_1546\IDE\Win7\sata_ide\nvstor32.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009/07/14 09:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009/07/14 09:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 09:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:B3D74A13 @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:1CE11B51 < End of report >