TheTechGuide Forum
General Category => Tech Clinic => Topic started by: faraz on January 14, 2011, 11:16:50 AM
-
The problem I'm facing is of a strange nature.
[color="#FF0000"]While using the internet my desktop appearance blinks, changes to the classic Windows appearance and then reverts back to its original XP appearance.[/color]
But after that my audio stops working and I'm not able to use the internet.
In order to rectify the audio problem I have to go to Control Panel and Add Hardware,
but the LAN/internet problem persists and I have to restart the PC in order to get connected to the internet again.
While posting this topic I have had to restart my PC at least 4 to 5 times.
Please help me out of this trouble.
***********************************************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:35 PM, on 1/14/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\ALI\Desktop\HijackThis.exe

R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6668 bytes
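A small triage script for log lines in the HijackThis format posted above, added here as an example; it is not part of this thread and not code from HijackThis. It parses each Rx/Oxx entry, pulls out the section, CLSID and file path, and flags the entries a reviewer would read first. The sample input is a handful of entry lines copied from the log above; the flag rules (no vendor name or missing file, AppInit_DLLs/Winlogon Notify/ShellServiceObjectDelayLoad/SharedTaskScheduler/URLSearchHook entries, an O4 autorun given as a bare filename, and one DLL registered as search hook, BHO and toolbar at once) are this example's own heuristics and mark entries for a human to check, not verdicts that anything in the log is malicious.

```python
"""Triage helper for HijackThis-format log lines (added example; not from the
thread or from HijackThis itself).

It parses the Rx / Oxx entry lines, extracts section, CLSID and file path, and
flags the entries a reviewer would read first.  The flag rules are this
example's own heuristics: a flag means "look at this", not "this is malware".
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O2 - BHO: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
"""

# HijackThis sections whose entries load code into many processes or at logon
# (O20 = AppInit_DLLs and Winlogon Notify, O21 = ShellServiceObjectDelayLoad,
# O22 = SharedTaskScheduler, R3 = IE URLSearchHook).  Heuristic of this example.
HIGH_VALUE_SECTIONS = {
    "R3": "URLSearchHook: runs for every IE address-bar search",
    "O20": "AppInit_DLLs / Winlogon Notify: loaded into many processes or at logon",
    "O21": "ShellServiceObjectDelayLoad: loaded by Explorer at logon",
    "O22": "SharedTaskScheduler: loaded by Explorer at logon",
}
BROWSER_HOOK_SECTIONS = {"R3", "O2", "O3"}
MISSING_MARKERS = ("unknown owner", "(no file)", "file not found")

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path up to a known extension; non-greedy so a "6.0 for"
# inside a directory name does not end the match early.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|htm|bat|cab)\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    text: str
    clsid: Optional[str]
    path: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'O23 - Service: ...' style line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return Entry(
        section=m.group("section"),
        text=rest,
        clsid=clsid.group(0).upper() if clsid else None,  # CLSID case varies between lines
        path=path.group(0) if path else None,
    )


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one rule."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]

    # Which browser-hook sections each DLL is registered in.  The same DLL as
    # search hook, BHO and toolbar at once is the usual shape of a bundled
    # toolbar (heuristic of this example).
    hook_sections = defaultdict(set)
    for e in entries:
        if e.section in BROWSER_HOOK_SECTIONS and e.path:
            hook_sections[e.path.lower()].add(e.section)

    findings = []
    for e in entries:
        reasons = []
        lowered = e.text.lower()
        if any(marker in lowered for marker in MISSING_MARKERS):
            reasons.append("no vendor name, or file missing on disk")
        if e.section in HIGH_VALUE_SECTIONS:
            reasons.append(HIGH_VALUE_SECTIONS[e.section])
        if e.section == "O4" and e.path is None:
            reasons.append("autorun given as bare filename, resolved by search order rather than absolute path")
        if e.path and hook_sections.get(e.path.lower(), set()) == BROWSER_HOOK_SECTIONS:
            reasons.append("same DLL registered as URLSearchHook, BHO and toolbar")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section:<4} {entry.path or entry.text}")
        for reason in reasons:
            print(f"       - {reason}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; the unflagged entries (the Google BHO, the IDMan autorun with a full path, the Kaspersky service with a vendor name) are there as negative controls so the rules can be checked against lines that should pass.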
-
I am facing a strange kind of problem.
I have installed Kaspersky antivirus and one of the spyware removers recommended in one of your topics,
[color="#FF0000"]but while using the internet the Windows XP appearance suddenly blinks and changes to the classic appearance,[/color]
[color="#FF0000"]but just after a moment it reverts back to the original appearance.[/color]
After this my internet stops working, as I get disconnected from the internet LAN, and the audio driver also stops working,
and I have to go to "Add Hardware" from Control Panel; after this procedure I am able to hear sound, but the problem remains with the LAN and I have to restart the system every time in order to get connected to the internet.
I am tired of restarting my system again and again.
Please help me out of this situation. I have posted my HijackThis log file above.
-
The problem I'm facing is of a strange nature.
[color="#FF0000"]While using the internet my desktop appearance blinks, changes to the classic Windows appearance and then reverts back to its original XP appearance.[/color]
But after that my audio stops working and I'm not able to use the internet.
In order to rectify the audio problem I have to go to Control Panel and Add Hardware,
but the LAN/internet problem persists and I have to restart the PC in order to get connected to the internet again.
While posting this topic I have had to restart my PC at least 3 to 4 times.
Please help me out of this trouble.
-
Download [color="#FF0000"]OTL.exe[/color] (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
- Close all windows and right click on OTL.exe and choose to "Run as Administrator"
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
-
[quote name='guestolo' date='16 January 2011 - 08:48 PM' timestamp='1295192926' post='474911']
Download [color="#FF0000"]OTL.exe[/color] (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
- Close all windows and right click on OTL.exe and choose to "Run as Administrator"
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]
********************************************************************************************************************
Upon right-clicking I didn't find any option to run as administrator, so I simply ran it,
and I only got this OTL.txt; no Extras.txt was saved on the desktop.
[color="#FF0000"]After this I am also not able to see my hidden files.[/color]
*************************************************************************
OTL logfile created on: 1/17/2011 2:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.76 Gb Free Space | 43.02% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 0.72 Gb Free Space | 2.89% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 0.79 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.46 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 5.53 Gb Free Space | 1.86% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/17 14:04:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
PRC - [2010/12/26 01:31:49 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/08/12 17:15:19 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/12 17:15:19 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/15 14:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2004/09/01 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/01/17 14:04:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
MOD - [2009/03/26 20:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/09/01 13:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (xeoeobt)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/08/12 17:15:19 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
========== Driver Services (SafeList) ==========
DRV - [2010/08/12 17:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 17:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/10 23:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/17 23:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/05/30 18:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/03/26 16:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/03 01:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011/01/15 12:29:12 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14760 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 23:49:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/17 14:05:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/01/16 15:29:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/01/16 15:23:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/01/15 19:53:36 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/01/15 19:53:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/15 03:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/15 03:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/15 03:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/14 21:09:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ALI\Desktop\HijackThis.exe
[2011/01/14 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/14 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\SUPERAntiSpyware.com
[2011/01/14 18:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/14 18:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/14 17:09:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/01/14 17:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/01/14 17:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Simply Super Software
[2011/01/14 16:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Threat Expert
[2011/01/14 15:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/01/14 15:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/10 22:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2011/01/10 22:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\MYIE2
[2011/01/09 21:09:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/01/09 21:08:40 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/01/08 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\skypePM
[2011/01/08 17:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/08 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/08 17:48:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/08 17:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Skype
[2011/01/08 15:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Contacts
[2011/01/08 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\My Received Files
[2011/01/07 21:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\vlc
[2011/01/07 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Graboid_Inc
[2011/01/07 21:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Graboid
[2011/01/07 21:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Geckofx
[2011/01/07 21:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Mozilla
[2011/01/07 21:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/01/07 21:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/01/07 18:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\OneNote Notebooks
[2011/01/07 14:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/01/05 21:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\GetRightToGo
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Conduit
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Brothersoft
[2011/01/05 21:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ConduitEngine
[2011/01/05 21:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/05 21:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Brothersoft
[2011/01/05 12:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\ImTOO
[2011/01/05 12:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2011/01/05 12:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/04 15:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Nokia
[2011/01/04 15:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\PC Suite
-
Reopen OTL.exe.
When it opens, set all selections to NONE,
EXCEPT under "Extra Registry" >> select "Use SafeList".
Then click the Run Scan button.
The scan won't take long. Post back the contents of Extras.txt, which will be minimized in the taskbar or on the desktop.
-
OTL Extras logfile created on: 1/18/2011 1:56:06 PM - Run 4
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 419.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 11.05 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 0.72 Gb Free Space | 2.89% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.47 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.46 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 5.53 Gb Free Space | 1.86% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3666:TCP" = 3666:TCP:*:Enabled:pqhtmzbg
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BurstCopy_is1" = BurstCopy v2.700
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EWED 2000 A" = Microsoft Encarta World English Dictionary
"Foxit Reader" = Foxit Reader
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Nokia PC Suite" = Nokia PC Suite
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/9/2011 10:32:50 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
skype.exe, version 5.0.0.152, fault address 0x00114828.
Error - 1/10/2011 12:41:26 PM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 1/10/2011 12:41:26 PM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/11/2011 8:21:46 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 1/11/2011 8:21:46 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/11/2011 11:57:57 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 1/11/2011 11:57:57 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 1/12/2011 2:48:44 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application myie.exe, version 0.7.1355.0, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Error - 1/12/2011 6:41:45 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application myie.exe, version 0.7.1355.0, faulting module
mshtml.dll, version 6.0.2900.2180, fault address 0x001d39c9.
Error - 1/14/2011 7:08:38 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
[ System Events ]
Error - 1/16/2011 6:31:43 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/16/2011 8:27:46 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/16/2011 10:48:22 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 1/16/2011 4:01:10 PM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/17/2011 5:00:40 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/17/2011 5:17:28 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/17/2011 5:18:59 AM | Computer Name = MAGMA | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
Error - 1/17/2011 8:29:50 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/18/2011 4:17:21 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
%%126
Error - 1/18/2011 4:42:04 AM | Computer Name = MAGMA | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{A6D6BACD-B12C-4FEB-82A1-97FBB2521F1F}. The
backup browser is stopping.
< End of report >
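The Extras.txt above is the part of the OTL output a helper reads first, and the telling lines are easy to miss in the dump: Windows Firewall is off in the StandardProfile, a globally open port (3666:TCP) is registered under the meaningless name pqhtmzbg, System Restore is disabled (DisableSR = 1, with the Sr driver set to Start = 4), and the regfile/txtfile associations come back as Reg Error. The Python script below is an added example, not OTL's code and not part of this thread: it parses those registry sections out of a constructed excerpt modelled on the posted log and flags them. The HIGH/INFO labels and the no-vowels heuristic for opaque port names are this example's own assumptions; the Windows Firewall being off and Security Center's DisableMonitoring for Kaspersky can both be legitimate when Kaspersky owns the firewall role, so they are reported as INFO rather than HIGH.

```python
"""Triage the registry sections of an OTL "Extras.txt" log.

Added example for this thread (not OTL's code, not part of the original posts).
It parses the "[key]" / "name" = value lines OTL prints under "Shell Spawning",
"Security Center Settings", "System Restore Settings" and "Firewall Settings"
and reports the states a malware-removal helper reads first.  SAMPLE_EXTRAS is a
constructed excerpt modelled on the log above; the HIGH/INFO labels and the
opaque-name heuristic are this example's own choices.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")        # ========== Firewall Settings ==========
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_LOCAL_MACHINE\...]
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')        # "EnableFirewall" = 0
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")   # exefile [open] -- "%1" %*

FW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SC_MON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring"
SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
SR_SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr"
# Stock Windows XP launch command for executable classes; anything else is a hijack candidate.
EXPECTED_SHELL = {f"{c} [open]": '"%1" %*' for c in ("exefile", "comfile", "batfile", "cmdfile")}


def parse_otl_extras(text: str) -> Dict[str, Dict[str, str]]:
    """Attach every "name" = value line to the registry key printed before it."""
    settings: Dict[str, Dict[str, str]] = {}
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
        elif m := KEY_RE.match(line):
            key = m.group(1)
            settings.setdefault(key, {})
        elif section == "Shell Spawning" and (m := SHELL_RE.match(line)):
            settings.setdefault(section, {})[f"{m.group(1)} [{m.group(2)}]"] = m.group(3)
        elif key and (m := VALUE_RE.match(line)):
            settings[key][m.group(1)] = m.group(2).strip()
    return settings


def looks_opaque(description: str) -> bool:
    """Heuristic: a lowercase run with no vowels (pqhtmzbg) is not a product name."""
    return bool(re.fullmatch(r"[a-z]{6,16}", description)) and not re.search(r"[aeiou]", description)


def triage(text: str) -> List[str]:
    """Return human-readable findings for the settings a helper checks first."""
    s = parse_otl_extras(text)
    shell = s.get("Shell Spawning", {})
    findings: List[str] = []
    for entry, expected in EXPECTED_SHELL.items():
        if entry in shell and shell[entry] != expected:
            findings.append(f"HIGH shell hijack: {entry} runs {shell[entry]!r}")
    for entry, cmd in shell.items():
        if cmd.startswith("Reg Error"):
            findings.append(f"INFO broken association: {entry} ({cmd})")
    for profile in ("DomainProfile", "StandardProfile"):
        if s.get(f"{FW}\\{profile}", {}).get("EnableFirewall") == "0":
            # Can be legitimate when a third-party firewall (Kaspersky here) owns the job; confirm it.
            findings.append(f"INFO Windows Firewall off in {profile}")
        for name, value in s.get(f"{FW}\\{profile}\\GloballyOpenPorts\\List", {}).items():
            fields = value.split(":")  # port:protocol:scope:Enabled|Disabled:description
            if len(fields) > 4 and fields[3] == "Enabled":
                sev = "HIGH" if looks_opaque(fields[4]) else "INFO"
                findings.append(f"{sev} globally open port {name} ({profile}) named {fields[4]!r}")
    if s.get(SR_KEY, {}).get("DisableSR") == "1" or s.get(SR_SVC, {}).get("Start") == "4":
        findings.append("HIGH System Restore disabled (DisableSR=1 / Sr service Start=4)")
    for key, vals in s.items():
        if key.startswith(SC_MON + "\\") and vals.get("DisableMonitoring") == "1":
            # AV installers set this themselves so Security Center stops double-alerting; note only.
            product = key[len(SC_MON) + 1:]
            findings.append(f"INFO Security Center not monitoring {product}")
    return findings


# Constructed excerpt in OTL's format; the values mirror the Extras.txt posted in this thread.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3666:TCP" = 3666:TCP:*:Enabled:pqhtmzbg
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_EXTRAS)))
```

To use it on a real log, feed the saved file to `triage(open(path, encoding="utf-8", errors="replace").read())`. A globally open port entry that names neither a Windows component nor an application you recognise is the first thing to look up, because the firewall exception is how a backdoor keeps its listener reachable after the machine reboots.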
-
Let's try the following:
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.
Back in Windows:
Download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Save the installer to the desktop.
Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5552
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/19/2011 1:54:40 PM
mbam-log-2011-01-19 (13-54-40).txt
Scan type: Quick scan
Objects scanned: 129254
Time elapsed: 4 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> Delete on reboot.
**********************************************************************************************************
I have performed another quick scan after the restart, but this time no malware was detected. Thanks.
One thing is still there: at the start of this malware's activity,
some icons were changed to an unknown file extension, as shown in the screenshot attached to the post. [attachment=5262:p2.bmp]
-
The problem is still persisting.
Again the same thing is happening. I am attaching a screenshot of that blinking here: [attachment=5263:untitled.PNG]
After this I got disconnected from the internet, and I have to restart my PC.
-
I can't believe I forgot about this topic again, I'm very sorry, can you do the following please
Download ComboFix from the following location
[color="#0000FF"]Link 1[/color] (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
[color="#FF0000"]Save it ONLY to your Desktop[/color]
--------------------------------------------------------------------
[color="#2E8B57"]Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.[/color]
- Double-click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
NOTE: Do not mouse-click inside the ComboFix window as it is running; it may cause it to stall.
ComboFix will/may run again on startup; it will prompt that it is creating a log.
This process could take up to 10 minutes; let it run uninterrupted please.
-
I did everything as per the previous post,
but after 5-10 minutes of scanning a message appeared on screen:
[size="4"][color="#FF0000"]"A rootkit virus has been found & ComboFix needs to reboot the system"[/color][/size]
After the restart, before Windows started up, the ComboFix scanning window appeared again, but after 50 minutes the system hung, and no ComboFix log was created on the C drive,
except that something like the attached screenshot was created. [attachment=5267:p3.bmp]
-
Did you ensure that your AntiVirus software was disabled?
I also see Spybot's TeaTimer running; that could also interfere.
Can you do the following: delete your copy of ComboFix from the desktop,
then redownload a fresh copy to the desktop from the following link, saving it ONLY to your desktop:
[color="#0000FF"]Link[/color] (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
Reboot your computer. Back in Windows:
Definitely ensure that Kaspersky is disabled before running ComboFix.
Right-click Kaspersky by the clock and select "Pause protection", then follow the prompts.
If possible, have it paused permanently so it doesn't run on startup.
Run ComboFix again with the previous instructions. If it does need to reboot the computer to complete its fix,
on startup allow up to only 15 minutes to produce a log.
-
Sorry for the delay.
After a lot of attempts I am able to complete the scanning process.
**********************************************************************************************
ComboFix 11-02-06.01 - ALI 02/07/2011 11:21:38.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.613 [GMT 5:00]
Running from: c:\documents and settings\ALI\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ALI\Application Data\Local
c:\windows\SW_Win9423X24.DLL
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))
.
2011-02-06 12:18 . 2005-03-18 09:01 626688 ----a-w- c:\windows\system32\NCTImageFile.dll
2011-02-03 18:45 . 2011-02-04 11:26 -------- d-----w- c:\program files\Tiff To PDF Component
2011-02-03 09:25 . 2011-02-03 09:25 -------- d-----w- c:\documents and settings\ALI\IGC
2011-02-03 09:25 . 2011-02-03 09:25 -------- d-----w- c:\documents and settings\ALI\Application Data\IGC
2011-02-03 09:25 . 2003-05-28 08:19 245408 ------w- c:\windows\system32\unicows.dll
2011-02-03 09:24 . 2011-02-03 09:24 -------- d-----w- c:\program files\IGC
2011-02-03 09:10 . 2004-07-15 19:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-02-03 09:10 . 2004-07-15 19:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-02-03 09:10 . 2004-07-15 19:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-02-03 09:10 . 2004-07-15 19:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-02-03 09:10 . 2004-07-15 19:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-02-03 09:10 . 2011-02-03 09:10 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-02-03 09:10 . 2011-02-03 09:10 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-02-03 08:48 . 2011-02-03 08:48 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Mozilla
2011-02-03 08:48 . 2011-02-03 08:49 -------- d-----w- c:\program files\Mozilla Sunbird
2011-02-01 07:05 . 2011-02-01 07:05 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\ACDSee
2011-02-01 07:05 . 2011-02-01 07:07 -------- d-----w- c:\documents and settings\ALI\Application Data\ACD Systems
2011-02-01 07:03 . 2011-02-04 11:11 -------- d-----w- c:\program files\Common Files\ACD Systems
2011-02-01 07:02 . 2011-02-01 07:02 -------- d-----w- c:\windows\Downloaded Installations
2011-01-29 22:27 . 2004-05-26 16:06 417792 ----a-w- c:\windows\system32\ac3filter.ax
2011-01-29 22:27 . 2004-01-11 10:02 258048 ----a-w- c:\windows\system32\gplmpgdec.ax
2011-01-28 18:19 . 2011-01-29 09:41 -------- d-----w- c:\documents and settings\ALI\Application Data\DivX
2011-01-28 18:16 . 2011-01-28 18:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-01-24 14:40 . 2011-01-24 14:40 -------- d-----w- c:\program files\RAR Password Cracker
2011-01-24 14:38 . 2011-01-24 14:38 -------- d-----w- c:\program files\PDF Password Remover v2.2
2011-01-24 10:50 . 2011-01-24 10:50 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Identities
2011-01-22 16:30 . 2011-01-22 16:30 -------- d-----w- c:\program files\MSN Messenger
2011-01-19 09:18 . 2011-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-01-19 09:17 . 2011-01-22 10:23 -------- d-----w- c:\program files\Yahoo!
2011-01-19 09:14 . 2011-01-19 09:15 -------- dc-h--w- c:\windows\ie8
2011-01-19 09:14 . 2011-01-20 07:44 -------- d--h--w- c:\windows\msdownld.tmp
2011-01-19 08:46 . 2011-01-19 08:46 -------- d-----w- c:\documents and settings\ALI\Application Data\Malwarebytes
2011-01-19 08:45 . 2010-12-20 13:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 08:45 . 2011-01-19 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 08:45 . 2010-12-20 13:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 08:45 . 2011-01-19 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-18 10:38 . 2011-01-30 12:16 -------- d-----w- c:\program files\DivX
2011-01-16 10:22 . 2011-01-17 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-01-15 14:53 . 2011-01-15 14:53 -------- d--h--w- c:\windows\$hf_mig$
2011-01-14 22:53 . 2011-01-15 07:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-14 22:53 . 2011-01-15 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-14 13:56 . 2011-01-14 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-14 12:09 . 2006-06-19 08:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-14 12:09 . 2006-05-25 10:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-14 12:09 . 2005-08-25 20:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-14 12:09 . 2002-03-05 20:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-14 12:09 . 2003-02-02 15:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2011-01-14 12:09 . 2011-01-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-01-14 12:09 . 2011-01-14 12:09 -------- d-----w- c:\documents and settings\ALI\Application Data\Simply Super Software
2011-01-14 11:05 . 2011-01-14 11:05 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Threat Expert
2011-01-14 10:59 . 2009-10-08 06:31 767952 ----a-w- c:\windows\BDTSupport.dll.old
2011-01-14 10:58 . 2011-01-14 14:47 -------- d-----w- c:\program files\Spyware Doctor
2011-01-14 10:58 . 2011-01-14 13:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-10 17:56 . 2011-01-10 17:56 -------- d-----w- c:\program files\Siber Systems
2011-01-10 17:55 . 2011-01-15 22:32 -------- d-----w- c:\program files\MYIE2
2011-01-09 16:09 . 2004-08-03 18:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-09 16:09 . 2004-08-03 18:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-09 16:08 . 2008-11-07 13:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-08 12:52 . 2011-02-06 18:01 -------- d-----w- c:\documents and settings\ALI\Application Data\skypePM
2011-01-08 12:48 . 2011-01-08 12:48 -------- d-----w- c:\program files\Common Files\Skype
2011-01-08 12:48 . 2011-02-06 18:57 -------- d-----w- c:\documents and settings\ALI\Application Data\Skype
2011-01-08 12:48 . 2011-01-17 09:38 -------- d-----r- c:\program files\Skype
2011-01-08 10:28 . 2011-01-08 10:28 -------- d-----w- c:\documents and settings\ALI\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 20:18 . 2010-12-25 20:18 315392 ----a-w- c:\windows\HideWin.exe
.
------- Sigcheck -------
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
c:\windows\System32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2010-11-12 11:06 2646528 ------w- c:\program files\TheChatPhone Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 06:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-25 3179952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-10-05 11:18 230664 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 08:17 136176 ----atw- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 20:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 05:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 11:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 11:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-01 04:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"= 3666:TCP:pqhtmzbg
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 xeoeobt;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2/21/2007 5:26 PM 151552]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xeoeobt
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 23:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchAssistant =
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
LSP: c:\windows\system32\idmmbc.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 11:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,30,54,38,b7,c2,50,fb,0c,2d,86,33,90,5f,38,9c,4b,aa,0d,04,13,
1b,a7,08,15,1b,18,b4,3e,3e,5f,28,a6,db,9d,3e,4b,a6,99,5a,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{80d28757-c52c-4bc2-b1b9-28e250ffaaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,51,c4,5c,06,a5,56,2b,b8,06,52,ef,38,3c,45,e2,58,83,e0,8b,c5,07,bb,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1132)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3384)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-02-07 11:33:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-07 06:33
Pre-Run: 10,048,827,392 bytes free
Post-Run: 10,915,282,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 89917F627FEE09C7A9530E8CCF47FF19
-
Can you run the following tools for me, please?
1. - Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
2. Download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
- Double-click MBRCheck.exe to run it.
- It will open a black window; please do not fix anything (if it gives you an option).
- When it's done, press Enter to exit that window, and it will produce a log (MBRCheck_date_time) on your desktop.
- Please post that log when you reply.
3. Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
- Double-click SystemLook.exe to run it.
- Copy the contents of the following codebox into the main textfield:
:filefind
tcpip.sys
termsrv.dll
- Click the Look button to start the scan. This scan can take a few minutes.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip): this link is not working for me. I'm not able to download it.
I have also tried to download it, but an error message appears about some firewall settings or broken DNS. [attachment=5273:error.JPG]
I am receiving this error, shown in the caption.
-
Or sometimes Explorer shows an error or invalid address. I have tried to download it with IDM, without IDM, and from other locations on the net, but I'm not able to download it.
-
It looks as if you're having problems allowing the program to download through Kaspersky.
You will have to check your settings,
or Kaspersky's link was temporarily down.
In the meantime, try downloading TDSSKiller from here:
http://support.kaspersky.com/faq/?qid=208283363
Don't stop at just one step; carry on with the others.
-
2011/02/09 13:16:16.0468 3140 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/09 13:16:16.0500 3140 ================================================================================
2011/02/09 13:16:16.0500 3140 SystemInfo:
2011/02/09 13:16:16.0500 3140
2011/02/09 13:16:16.0500 3140 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/09 13:16:16.0500 3140 Product type: Workstation
2011/02/09 13:16:16.0500 3140 ComputerName: MAGMA
2011/02/09 13:16:16.0500 3140 UserName: ALI
2011/02/09 13:16:16.0500 3140 Windows directory: C:\WINDOWS
2011/02/09 13:16:16.0500 3140 System windows directory: C:\WINDOWS
2011/02/09 13:16:16.0500 3140 Processor architecture: Intel x86
2011/02/09 13:16:16.0500 3140 Number of processors: 2
2011/02/09 13:16:16.0500 3140 Page size: 0x1000
2011/02/09 13:16:16.0500 3140 Boot type: Normal boot
2011/02/09 13:16:16.0500 3140 ================================================================================
2011/02/09 13:16:18.0046 3140 Initialize success
2011/02/09 13:16:26.0765 2808 ================================================================================
2011/02/09 13:16:26.0765 2808 Scan started
2011/02/09 13:16:26.0765 2808 Mode: Manual;
2011/02/09 13:16:26.0765 2808 ================================================================================
2011/02/09 13:16:28.0031 2808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/09 13:16:28.0109 2808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/09 13:16:28.0265 2808 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/02/09 13:16:28.0359 2808 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/02/09 13:16:28.0703 2808 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/09 13:16:29.0046 2808 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/09 13:16:29.0140 2808 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/09 13:16:29.0328 2808 ati2mtag (a1789368b4a31d2111af7aeda0c8d3fc) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/09 13:16:29.0453 2808 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/09 13:16:29.0531 2808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/09 13:16:29.0625 2808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/09 13:16:29.0718 2808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/09 13:16:29.0875 2808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/09 13:16:30.0171 2808 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/09 13:16:30.0265 2808 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/09 13:16:30.0656 2808 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/09 13:16:30.0765 2808 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/09 13:16:30.0875 2808 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/09 13:16:30.0968 2808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/09 13:16:31.0031 2808 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/09 13:16:31.0171 2808 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/09 13:16:31.0265 2808 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/09 13:16:31.0343 2808 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/09 13:16:31.0437 2808 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/09 13:16:31.0515 2808 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/09 13:16:31.0593 2808 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/09 13:16:31.0703 2808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/09 13:16:31.0796 2808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/09 13:16:31.0859 2808 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/09 13:16:31.0953 2808 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/09 13:16:32.0375 2808 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/09 13:16:32.0578 2808 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/09 13:16:32.0671 2808 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/09 13:16:32.0906 2808 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/09 13:16:33.0140 2808 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/09 13:16:33.0218 2808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/09 13:16:33.0312 2808 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/09 13:16:33.0390 2808 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/09 13:16:33.0468 2808 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/09 13:16:33.0562 2808 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/09 13:16:33.0640 2808 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/09 13:16:33.0750 2808 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/09 13:16:33.0812 2808 kl1 (ed7e0b85d891e06ab1a29725cad8e67a) C:\WINDOWS\system32\drivers\kl1.sys
2011/02/09 13:16:33.0906 2808 klif (015539fe045c9ae146282b2779b23fd2) C:\WINDOWS\system32\drivers\klif.sys
2011/02/09 13:16:34.0000 2808 klim5 (517ac27b4b3c0df5ec5e5212ca1cbd8c) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/02/09 13:16:34.0093 2808 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/09 13:16:34.0171 2808 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/09 13:16:34.0375 2808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/09 13:16:34.0453 2808 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/09 13:16:34.0562 2808 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/09 13:16:34.0640 2808 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/09 13:16:34.0796 2808 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/09 13:16:34.0890 2808 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/09 13:16:35.0000 2808 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/09 13:16:35.0093 2808 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/09 13:16:35.0187 2808 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/09 13:16:35.0265 2808 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/09 13:16:35.0343 2808 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/09 13:16:35.0421 2808 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/02/09 13:16:35.0500 2808 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/09 13:16:35.0593 2808 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/09 13:16:35.0671 2808 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/09 13:16:35.0765 2808 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/09 13:16:35.0843 2808 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/09 13:16:35.0921 2808 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/09 13:16:36.0000 2808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/09 13:16:36.0093 2808 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/09 13:16:36.0203 2808 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/02/09 13:16:36.0296 2808 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/02/09 13:16:36.0375 2808 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/09 13:16:36.0453 2808 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/09 13:16:36.0562 2808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/09 13:16:36.0640 2808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/09 13:16:36.0734 2808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/09 13:16:36.0843 2808 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/09 13:16:36.0921 2808 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/09 13:16:37.0000 2808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/09 13:16:37.0062 2808 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/09 13:16:37.0156 2808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/09 13:16:37.0296 2808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/09 13:16:37.0375 2808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/09 13:16:37.0859 2808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/09 13:16:37.0953 2808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/09 13:16:38.0046 2808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/09 13:16:38.0125 2808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/09 13:16:38.0484 2808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/09 13:16:38.0578 2808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/09 13:16:38.0656 2808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/09 13:16:38.0765 2808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/09 13:16:38.0828 2808 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/09 13:16:38.0921 2808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/09 13:16:38.0984 2808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/09 13:16:39.0109 2808 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/09 13:16:39.0218 2808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/09 13:16:39.0328 2808 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/02/09 13:16:39.0421 2808 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/09 13:16:39.0531 2808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/09 13:16:39.0609 2808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/09 13:16:39.0703 2808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/09 13:16:39.0906 2808 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/09 13:16:40.0000 2808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/09 13:16:40.0093 2808 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/09 13:16:40.0187 2808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/09 13:16:40.0265 2808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/09 13:16:40.0593 2808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/09 13:16:40.0718 2808 Tcpip (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/09 13:16:40.0828 2808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/09 13:16:40.0921 2808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/09 13:16:41.0000 2808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/09 13:16:41.0109 2808 Suspicious service (NoAccess): uavslubi
2011/02/09 13:16:41.0171 2808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/09 13:16:41.0312 2808 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/09 13:16:41.0406 2808 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/02/09 13:16:41.0484 2808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/09 13:16:41.0578 2808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/09 13:16:41.0656 2808 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/09 13:16:41.0750 2808 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/02/09 13:16:41.0828 2808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/09 13:16:41.0906 2808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/09 13:16:42.0062 2808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/09 13:16:42.0171 2808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/09 13:16:42.0265 2808 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/09 13:16:42.0421 2808 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/09 13:16:42.0546 2808 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/09 13:16:43.0359 2808 ================================================================================
2011/02/09 13:16:43.0359 2808 Scan finished
2011/02/09 13:16:43.0359 2808 ================================================================================
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000006fc
Kernel Drivers (total 110):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF79D0000 \WINDOWS\system32\KDCOM.DLL
0xF78E0000 \WINDOWS\system32\BOOTVID.dll
0xF73A1000 ACPI.sys
0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7390000 pci.sys
0xF74D0000 isapnp.sys
0xF7A98000 pciide.sys
0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74E0000 MountMgr.sys
0xF7371000 ftdisk.sys
0xF79D4000 dmload.sys
0xF734B000 dmio.sys
0xF7758000 PartMgr.sys
0xF74F0000 VolSnap.sys
0xF7333000 atapi.sys
0xF7500000 disk.sys
0xF7510000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7314000 fltMgr.sys
0xF7302000 sr.sys
0xF72EB000 KSecDD.sys
0xF725E000 Ntfs.sys
0xF7231000 NDIS.sys
0xF7216000 Mup.sys
0xF71FA000 kl1.sys
0xF7760000 \WINDOWS\system32\drivers\TDI.SYS
0xF7630000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF6F9E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6F8A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6F67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6F42000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6F22000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF7800000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7640000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7988000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6F0E000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7650000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7808000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7810000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79F2000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xF7818000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF7B08000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7660000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7990000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6EF7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7670000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7680000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6EE6000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7690000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7820000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7828000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6EB5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6E6A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6E36000 \SystemRoot\system32\DRIVERS\update.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76B0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xEE532000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE510000 \SystemRoot\system32\drivers\portcls.sys
0xF76F0000 \SystemRoot\system32\drivers\drmk.sys
0xF79FA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BE5000 \SystemRoot\System32\Drivers\Null.SYS
0xF79FC000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7838000 \SystemRoot\System32\drivers\vga.sys
0xF79FE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7840000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7848000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7984000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE415000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE395000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE36D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE34C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6E91000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEE32A000 \SystemRoot\System32\drivers\afd.sys
0xF7720000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE2FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE267000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEE228000 \??\C:\WINDOWS\system32\drivers\klif.sys
0xF7560000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7570000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7860000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEE205000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEE1ED000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A02000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7870000 \SystemRoot\System32\watchdog.sys
0xEE504000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF7B1D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D3000 \SystemRoot\System32\ati2dvag.dll
0xBFA17000 \SystemRoot\System32\ati2cqag.dll
0xBFA6C000 \SystemRoot\System32\atikvmag.dll
0xBFAB8000 \SystemRoot\System32\ati3duag.dll
0xBFD6B000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEBDC5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBA88000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A32000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEB9E5000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB868000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBC25000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB4E0000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 30):
0 System Idle Process
4 System
976 C:\WINDOWS\system32\smss.exe
1044 csrss.exe
1072 C:\WINDOWS\system32\winlogon.exe
1116 C:\WINDOWS\system32\services.exe
1128 C:\WINDOWS\system32\lsass.exe
1296 C:\WINDOWS\system32\ati2evxx.exe
1312 C:\WINDOWS\system32\svchost.exe
1408 svchost.exe
1592 C:\WINDOWS\system32\svchost.exe
1692 C:\WINDOWS\system32\ati2evxx.exe
1704 svchost.exe
1888 svchost.exe
212 C:\WINDOWS\system32\spoolsv.exe
452 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
768 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1652 C:\WINDOWS\explorer.exe
1904 alg.exe
2992 C:\WINDOWS\RTHDCPL.exe
3000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
3064 C:\Program Files\Internet Download Manager\IDMan.exe
3076 C:\WINDOWS\system32\ctfmon.exe
3096 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3348 C:\Program Files\Internet Download Manager\IEMonitor.exe
3968 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3392 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3960 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2204 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2240 C:\Documents and Settings\ALI\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`4039fe00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`80737e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000018`ed4a2e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000001`966e7800 (FAT32)
\\.\J: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: MAXTORSTM3160215AS, Rev: 3.AAD
PhysicalDrive1 Model Number: WDCWD204BA, Rev: 16.13M16
PhysicalDrive3 Model Number: WD3200BEV External, Rev: 1.75
PhysicalDrive2 Model Number: SeagateFreeAgent Go, Rev: 0142
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
19 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive3 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
-
SystemLook 04.09.10 by jpshortstuff
Log created at 13:22 on 09/02/2011 by ALI
Administrator - Elevation successful
========== filefind ==========
Searching for "tcpip.sys"
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 359040 bytes [08:00 01/09/2004] [08:00 01/09/2004] 7B11118B078B88F87183FE69EDA43137
Searching for "termsrv.dll"
No files found.
-= EOF =-
-
The problem is still persisting... and the same is the case with the icon.
-
Sorry for the delay.
Delete your copy of ComboFix from the desktop.
I need you to download a fresh copy from the following link:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Save it ONLY to your Desktop.
Afterwards:
I've uploaded a file to Mediafire: termsrv.dll
I need you to save the file to your C: drive, so you now have C:\termsrv.dll,
from the following link:
http://www.mediafire.com/?k5ym81ykp49ztrd
Note: If you happen to save the file in a different location, I need you to navigate to that location and copy/paste termsrv.dll directly to the C: folder.
Copy ALL of the below from the Code box and paste it into an empty Notepad file.
Don't use anything other than Notepad or the script will not work.
To open Notepad, go to Start > Programs > Accessories, and then click Notepad.
Netsvcs::
xeoeobt
File::
c:\windows\system32\wxjgwkd.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
FCopy::
C:\termsrv.dll | c:\windows\System32\termsrv.dll
Save this as a txt file on your desktop, with the exact name
CFScript
Temporarily disable your AntiVirus/AntiSpyware software so it won't interfere with this next step.
Again, temporarily disable Avast protections so they don't interfere.
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe.
ComboFix will start. Follow the prompts.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again.
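As an added example, not part of this thread and not ComboFix's own code, here is a small Python script that automates the triage behind the CFScript above: it parses the "S2 name;display;path" service lines and the trailing ServiceDll dump in the format ComboFix prints, flags every service hosted as svchost -k netsvcs that is not in an analyst-supplied baseline, notes when two such services point at the same ServiceDll, and renders the findings in the Netsvcs:: / File:: / Registry:: layout the helper used. The sample lines are constructed from values that appear later in this thread; the KNOWN_NETSVCS baseline is an assumption made for the example.

```python
import re
from collections import defaultdict

# Constructed sample input in the shape ComboFix prints: the three service
# names, display names and the ServiceDll path are those that appear in this
# thread's log; the other lines are copied from the same log so the parser
# also sees entries that are not svchost-hosted.
SERVICE_LINES = r"""
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 keifb;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S2 uavslubi;Network Image;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S2 xeoeobt;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
"""

# Constructed sample of the "ServiceDll" dump at the end of the same log.
SERVICEDLL_LINES = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\keifb]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
"""

# Baseline of service names the analyst already accepts in the netsvcs group.
# Assumed for this example; a real baseline comes from a known-clean XP box.
KNOWN_NETSVCS = {"wuauserv", "BITS"}

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[[^\]]*\]\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)


def parse_services(text):
    """Map service name -> (start type, display name, image path, svchost group or None)."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, path = m.groups()
        g = SVCHOST_RE.search(path)
        services[name] = (start, display, path, g.group(1).lower() if g else None)
    return services


def parse_servicedlls(text):
    """Map service name -> ServiceDll path from the regedit-style dump."""
    dlls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            continue
        d = DLL_RE.match(line)
        if d and current:
            dlls[current] = d.group(1).lower()
    return dlls


def triage(services, dlls, known=KNOWN_NETSVCS):
    """Return findings for svchost-hosted netsvcs services outside the baseline.

    Each finding is (name, display, servicedll or None, [other services sharing that DLL]).
    A ServiceDll shared by several generically named services is a strong signal
    that they belong to one installed component rather than to Windows.
    """
    by_dll = defaultdict(list)
    for name, dll in dlls.items():
        by_dll[dll].append(name)
    findings = []
    for name in sorted(services):
        start, display, path, group = services[name]
        if group != "netsvcs" or name in known:
            continue
        dll = dlls.get(name)
        shared = sorted(n for n in by_dll.get(dll, []) if n != name) if dll else []
        findings.append((name, display, dll, shared))
    return findings


def build_cfscript(findings):
    """Render the findings in the CFScript layout used in this thread."""
    names = [f[0] for f in findings]
    files = sorted({f[2] for f in findings if f[2]})
    out = ["Netsvcs::", *names, "File::", *files, "Registry::"]
    for name in names:
        key = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services" + "\\" + name
        out += ["[%s]" % key, '"ServiceDll"=-', "[-%s]" % key]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    svc = parse_services(SERVICE_LINES)
    found = triage(svc, parse_servicedlls(SERVICEDLL_LINES))
    for name, display, dll, shared in found:
        print("%-10s %-20s dll=%s shared_with=%s" % (name, display, dll or "?", shared or "-"))
    print(build_cfscript(found))
```

Run it as-is to see the three services from this thread flagged, with keifb and uavslubi reported as sharing wxjgwkd.dll and xeoeobt reported with no ServiceDll entry (it only appeared in the NetSvcs list). The generated script is a starting point for review, not something to feed to ComboFix unread: the baseline decides what gets flagged, so keep it tied to a clean reference system.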
-
ComboFix 11-02-19.02 - ALI 02/20/2011 15:47:29.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.598 [GMT 5:00]
Running from: c:\documents and settings\ALI\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ALI\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
"c:\windows\system32\wxjgwkd.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\termsrv.dll
c:\windows\system32\wxjgwkd.dll
.
--------------- FCopy ---------------
c:\termsrv.dll --> c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_keifb
-------\Legacy_uavslubi
-------\Service_keifb
-------\Service_uavslubi
((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.
2011-02-20 10:25 . 2011-02-20 08:33 295424 ----a-w- c:\windows\system32\termsrv.dll
2011-02-17 19:42 . 2004-04-30 04:33 5248 ----a-w- c:\windows\system32\drivers\vax347s.sys
2011-02-17 19:42 . 2005-07-08 09:44 159616 ----a-w- c:\windows\system32\drivers\vax347b.sys
2011-02-17 19:42 . 2011-02-17 19:42 -------- d-----w- c:\program files\Alcohol Soft
2011-02-17 08:13 . 2011-02-17 08:15 -------- d-----w- c:\program files\BomberMan Collection
2011-02-15 08:27 . 2011-02-15 08:27 -------- d-----w- c:\windows\A5W_DATA
2011-02-07 06:33 . 2011-02-07 06:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-03 18:45 . 2011-02-04 11:26 -------- d-----w- c:\program files\Tiff To PDF Component
2011-02-03 09:25 . 2011-02-03 09:25 -------- d-----w- c:\documents and settings\ALI\Application Data\IGC
2011-02-03 09:25 . 2003-05-28 08:19 245408 ------w- c:\windows\system32\unicows.dll
2011-02-03 09:24 . 2011-02-03 09:24 -------- d-----w- c:\program files\IGC
2011-02-03 09:10 . 2004-07-15 19:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-02-03 09:10 . 2004-07-15 19:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-02-03 09:10 . 2004-07-15 19:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-02-03 09:10 . 2004-07-15 19:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-02-03 09:10 . 2004-07-15 19:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-02-03 09:10 . 2011-02-03 09:10 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-02-03 09:10 . 2011-02-03 09:10 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-02-03 08:48 . 2011-02-03 08:48 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Mozilla
2011-02-03 08:48 . 2011-02-03 08:49 -------- d-----w- c:\program files\Mozilla Sunbird
2011-02-01 07:05 . 2011-02-01 07:05 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\ACDSee
2011-02-01 07:05 . 2011-02-01 07:07 -------- d-----w- c:\documents and settings\ALI\Application Data\ACD Systems
2011-02-01 07:03 . 2011-02-04 11:11 -------- d-----w- c:\program files\Common Files\ACD Systems
2011-02-01 07:02 . 2011-02-01 07:02 -------- d-----w- c:\windows\Downloaded Installations
2011-01-29 22:27 . 2004-05-26 16:06 417792 ----a-w- c:\windows\system32\ac3filter.ax
2011-01-29 22:27 . 2004-01-11 10:02 258048 ----a-w- c:\windows\system32\gplmpgdec.ax
2011-01-28 18:19 . 2011-01-29 09:41 -------- d-----w- c:\documents and settings\ALI\Application Data\DivX
2011-01-28 18:16 . 2011-01-28 18:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-01-24 14:40 . 2011-01-24 14:40 -------- d-----w- c:\program files\RAR Password Cracker
2011-01-24 14:38 . 2011-01-24 14:38 -------- d-----w- c:\program files\PDF Password Remover v2.2
2011-01-24 10:50 . 2011-01-24 10:50 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Identities
2011-01-22 16:30 . 2011-01-22 16:30 -------- d-----w- c:\program files\MSN Messenger
2011-01-22 10:24 . 2011-01-22 10:24 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 20:18 . 2010-12-25 20:18 315392 ----a-w- c:\windows\HideWin.exe
2010-12-20 13:09 . 2011-01-19 08:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 13:08 . 2011-01-19 08:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2011-02-20 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-07_06.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-17 19:42 . 2011-02-17 19:42 49152 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2011-02-17 19:42 . 2011-02-17 19:42 5120 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2007-01-04 09:26 . 2011-02-20 10:53 453920 c:\windows\system32\drivers\fidbox2.dat
+ 2011-02-17 19:42 . 2011-02-17 19:42 959488 c:\windows\Installer\55e74ab.msi
+ 2007-01-04 09:26 . 2011-02-20 10:53 27322656 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2010-11-12 11:06 2646528 ------w- c:\program files\TheChatPhone Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 06:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-25 3179952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-10-05 11:18 230664 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 08:17 136176 ----atw- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 20:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 05:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 11:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 11:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-01 04:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2/18/2011 12:42 AM 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2/18/2011 12:42 AM 5248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 keifb;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S2 uavslubi;Network Image;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S2 xeoeobt;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2/21/2007 5:26 PM 151552]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xeoeobt
uavslubi
keifb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 23:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchAssistant =
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
LSP: c:\windows\system32\idmmbc.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 15:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\keifb]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,30,54,38,b7,c2,50,fb,0c,2d,86,33,90,5f,38,9c,4b,aa,0d,04,13,
1b,a7,08,15,1b,18,b4,3e,3e,5f,28,a6,db,9d,3e,4b,a6,99,5a,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{80d28757-c52c-4bc2-b1b9-28e250ffaaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,51,c4,5c,06,a5,56,2b,b8,06,52,ef,38,3c,45,e2,58,83,e0,8b,c5,07,bb,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3696)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-02-20 16:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 11:00
ComboFix2.txt 2011-02-09 09:49
ComboFix3.txt 2011-02-07 06:33
Pre-Run: 7,518,257,152 bytes free
Post-Run: 7,574,437,888 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 65976F3A927095766E65583A042477B4
-
Can you delete CFScript.txt? We're going to redo that step.
Copy ALL of the text below in the Code box and paste it into an empty Notepad file.
Don't use anything other than Notepad or the script will not work.
To open Notepad, go to Start > Programs > Accessories and then click Notepad.
NetSvc::
xeoeobt
uavslubi
keifb
Driver::
xeoeobt
uavslubi
keifb
File::
c:\windows\system32\wxjgwkd.dll
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\keifb]
"ServiceDll"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\keifb]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
Save this as a text file on your desktop, with the exact name
CFScript
Temporarily disable your AntiVirus/AntiSpyware software so it won't interfere with this next step
Again, temporarily disable Avast protections so they don't interfere
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
ComboFix will start. Follow the prompts.
Note:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.
When finished, it will produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again.
Keep me informed how things are now running, please.
-
[size="5"][color="#FF0000"]Sorry for the late reply, I was away from the city.[/color][/size]
**************************************************************************
ComboFix 11-03-14.06 - ALI 03/18/2011 11:20:36.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.533 [GMT 5:00]
Running from: c:\documents and settings\ALI\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ALI\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\windows\system32\wxjgwkd.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KEIFB
-------\Legacy_UAVSLUBI
-------\Legacy_XEOEOBT
-------\Service_keifb
-------\Service_uavslubi
-------\Service_xeoeobt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-01 12:10 . 2003-05-14 16:07 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-03-01 12:10 . 2011-03-01 12:10 -------- d-----w- c:\program files\Audio File Cutter
2011-03-01 12:10 . 2000-05-21 19:00 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2011-02-28 17:23 . 2011-02-28 17:23 -------- d-----w- C:\training
2011-02-28 17:23 . 2011-02-28 17:23 -------- d-----w- C:\Photoshop
2011-02-24 06:43 . 2011-02-24 06:43 -------- d--h--w- c:\windows\PIF
2011-02-21 07:11 . 2011-02-21 07:11 286720 ----a-w- c:\windows\iun503.exe
2011-02-21 07:11 . 2011-02-21 07:11 -------- d-----w- c:\program files\TEKKEN 3
2011-02-20 10:25 . 2011-02-20 08:33 295424 ----a-w- c:\windows\system32\termsrv.dll
2011-02-17 19:42 . 2004-04-30 04:33 5248 ----a-w- c:\windows\system32\drivers\vax347s.sys
2011-02-17 19:42 . 2005-07-08 09:44 159616 ----a-w- c:\windows\system32\drivers\vax347b.sys
2011-02-17 19:42 . 2011-02-17 19:42 -------- d-----w- c:\program files\Alcohol Soft
2011-02-17 08:13 . 2011-02-17 08:15 -------- d-----w- c:\program files\BomberMan Collection
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 20:18 . 2010-12-25 20:18 315392 ----a-w- c:\windows\HideWin.exe
2010-12-20 13:09 . 2011-01-19 08:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 13:08 . 2011-01-19 08:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-02-07_06.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-17 19:42 . 2011-02-17 19:42 49152 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2011-02-17 19:42 . 2011-02-17 19:42 5120 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2007-01-04 09:26 . 2011-03-18 06:25 918304 c:\windows\system32\drivers\fidbox2.dat
+ 2011-02-17 19:42 . 2011-02-17 19:42 959488 c:\windows\Installer\55e74ab.msi
+ 2007-01-04 09:26 . 2011-03-18 06:25 34746912 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2010-11-12 11:06 2646528 ------w- c:\program files\TheChatPhone Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 06:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-25 3179952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-10-05 11:18 230664 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 08:17 136176 ----atw- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 20:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 05:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 11:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 11:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-01 04:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"= 3666:TCP:pqhtmzbg
.
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2/18/2011 12:42 AM 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2/18/2011 12:42 AM 5248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 qxyozne;Support Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2/21/2007 5:26 PM 151552]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qxyozne
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 23:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-MAGMA-ALI.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-03 22:44]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchAssistant =
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
LSP: c:\windows\system32\idmmbc.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 11:28
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxyozne]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,30,54,38,b7,c2,50,fb,0c,2d,86,33,90,5f,38,9c,4b,aa,0d,04,13,
1b,a7,08,15,1b,18,b4,3e,3e,5f,28,a6,db,9d,3e,4b,a6,99,5a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{80d28757-c52c-4bc2-b1b9-28e250ffaaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,eb,6d,27,42,80,c2,b8,87,b7,e9,22,b2,b5,0c,95,0d,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(3968)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2011-03-18 11:32:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 06:32
ComboFix2.txt 2011-02-20 11:00
ComboFix3.txt 2011-02-09 09:49
ComboFix4.txt 2011-02-07 06:33
.
Pre-Run: 2,288,766,976 bytes free
Post-Run: 2,616,303,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 54D88BD7E205BE2B33CE1777E499197A
-
Delete your copy of ComboFix and delete CFScript.txt from your desktop; we're going to redo that step again.
Redownload a fresh copy of ComboFix from the following link:
[color="#0000FF"]Link 1[/color] (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Save it ONLY to your Desktop
Copy ALL of the text below in the Code box and paste it into an empty Notepad file.
Don't use anything other than Notepad or the script will not work.
To open Notepad, go to Start > Programs > Accessories and then click Notepad.
Netsvcs::
qxyozne
Driver::
qxyozne
File::
c:\windows\system32\wxjgwkd.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxyozne]
"ServiceDll"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxyozne]
FCopy::
C:\termsrv.dll | c:\windows\System32\termsrv.dll
Save this as a text file on your desktop, with the exact name
CFScript
Temporarily disable your AntiVirus/AntiSpyware software so it won't interfere with this next step
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
ComboFix will start. Follow the prompts.
Note:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.
When finished, it will produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again.
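Both CFScripts in this thread (the NetSvc/Driver/File/Registry script that removed keifb and uavslubi, and the Netsvcs script for qxyozne just above) were worked out by hand from the ComboFix logs: the names ComboFix prints under "Svchost - NetSvcs" (its own note says legit default entries are not shown), the "S2 name;display;svchost.exe -k netsvcs" service line, the "[...\Services\name] ServiceDll=" dump at the end of the log, the GloballyOpenPorts exception, and the lines the Sigcheck section marks with [-]. The same wxjgwkd.dll came back under a new random service name between the two logs, which is why keying on the netsvcs listing rather than on a service name matters. The Python below is an added example for this page, not ComboFix's code and not anything posted in the thread: it walks a log once, collects those indicators, and emits a CFScript in the layout the helper used. The sample log is a constructed excerpt of indicator lines from this thread's logs; the parsing rules are my own heuristics, and the "Netsvcs::" spelling follows the later script (the earlier one writes "NetSvc::"). Treat the output as a draft to review, not something to drag onto ComboFix unread.

```python
"""Triage a ComboFix log for the svchost/netsvcs service-DLL pattern in this thread and
emit a CFScript in the helper's layout. Added example: not ComboFix's code, not the thread's."""
import re

# Constructed excerpt: indicator lines copied from the thread's logs into one string so
# the parser runs offline (service names, paths, hash and version are the page's own).
SAMPLE_LOG = r"""
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 qxyozne;Support Task;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qxyozne
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"= 3666:TCP:pqhtmzbg
[-] 2011-02-20 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxyozne]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
"""

SVCHOST_SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);.*svchost\.exe\s+-k\s+netsvcs", re.I)
SERVICES_KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+))\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"', re.I)
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
SIGCHECK_FAIL_RE = re.compile(r"^\[-\].*\[([\d.]+)\]\s*\.\s*\.\s*(\S.*)$")
NETSVCS_HEADER, OPEN_PORTS_KEY, FIREWALL_KEY = (
    "svchost - netsvcs", "globallyopenports\\list]", "firewallpolicy\\standardprofile]")


def triage(log: str) -> dict:
    """One pass over the log; collects the indicators the helper acted on."""
    found = {"netsvcs": [], "svchost_services": {}, "service_dll": {},
             "open_ports": [], "firewall_off": False, "sigcheck_fail": []}
    section = None  # registry key (or list) that the value lines below belong to
    for ln in (raw.strip() for raw in log.splitlines()):
        if not ln or ln == ".":
            if section == "netsvcs":
                section = None  # ComboFix ends the NetSvcs list with a '.' line
            continue
        if m := SIGCHECK_FAIL_RE.match(ln):            # files ComboFix could not verify
            found["sigcheck_fail"].append((m.group(2), m.group(1)))
        elif m := SVCHOST_SVC_RE.match(ln):            # S2 name;display;svchost.exe -k netsvcs
            found["svchost_services"][m.group(1)] = m.group(2)
        elif ln.lower().endswith(NETSVCS_HEADER):      # only non-default names are printed here
            section = "netsvcs"
        elif ln.startswith("["):                       # a registry key: decide what follows it
            m = SERVICES_KEY_RE.match(ln)
            section = (("service", m.group(2), m.group(1)) if m
                       else "ports" if ln.lower().endswith(OPEN_PORTS_KEY)
                       else "firewall" if ln.lower().endswith(FIREWALL_KEY) else None)
        elif section == "netsvcs":
            found["netsvcs"].append(ln)
        elif isinstance(section, tuple) and (m := SERVICEDLL_RE.match(ln)):
            found["service_dll"][section[1]] = (section[2], m.group(1))  # (key, dll path)
        elif section == "ports" and (m := PORT_RE.match(ln)):
            found["open_ports"].append(m.group(1))
        elif section == "firewall" and FIREWALL_OFF_RE.match(ln):
            found["firewall_off"] = True
    return found


def summarize(found: dict) -> list:
    """One line per finding, for the reply to the poster."""
    notes = [f"netsvcs service {n} ({found['svchost_services'].get(n, '?')}) loads "
             f"{found['service_dll'].get(n, ('', '?'))[1]} inside svchost.exe"
             for n in sorted(set(found["netsvcs"]) | set(found["service_dll"]))]
    notes += [f"firewall exception opens {p}" for p in found["open_ports"]]
    if found["firewall_off"]:
        notes.append("Windows Firewall is off (EnableFirewall=0)")
    notes += [f"Sigcheck [-]: {path} (version {ver})" for path, ver in found["sigcheck_fail"]]
    return notes


def build_cfscript(found: dict) -> str:
    """CFScript in the helper's layout: Netsvcs::, Driver::, File::, Registry::."""
    suspects = sorted(set(found["netsvcs"]) | set(found["service_dll"]))
    dlls = sorted({dll for _, dll in found["service_dll"].values()})
    out = (["Netsvcs::", *suspects, "Driver::", *suspects] if suspects else []) + \
          (["File::", *dlls] if dlls else [])
    reg = []
    if found["open_ports"]:
        reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                   r"\standardprofile\GloballyOpenPorts\List]")
        reg += [f'"{p}"=-' for p in found["open_ports"]]
    for name in suspects:                       # clear ServiceDll, then delete the key
        if name in found["service_dll"]:
            key = found["service_dll"][name][0]
            reg += [f"[{key}]", '"ServiceDll"=-', f"[-{key}]"]
    if reg:
        out += ["Registry::", *reg]
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("\n".join(summarize(result)))
    print(build_cfscript(result))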
-
ComboFix 11-04-11.04 - ALI 04/12/2011 21:34:44.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.482 [GMT 5:00]
Running from: c:\documents and settings\ALI\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ALI\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
FILE ::
"c:\windows\system32\wxjgwkd.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ALI\Application Data\facemoods.com
c:\documents and settings\ALI\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
C:\termsrv.dll
.
.
--------------- FCopy ---------------
.
c:\termsrv.dll --> c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QXYOZNE
-------\Service_qxyozne
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-10 22:03 . 2011-04-10 22:03 -------- d-----w- c:\program files\FreeGamePick.com
2011-04-05 08:11 . 2011-04-05 08:11 -------- d-----w- C:\control
2011-04-04 07:50 . 2011-04-10 22:48 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2011-04-02 10:43 . 2011-04-02 10:43 -------- d-----w- c:\program files\All Video Joiner
2011-03-29 11:43 . 2011-03-29 11:43 -------- d-----w- c:\program files\uTorrent
2011-03-24 15:33 . 2011-03-24 15:33 -------- d-----w- c:\documents and settings\ALI\Application Data\GRETECH
2011-03-24 15:28 . 2011-03-24 15:28 -------- d-----w- c:\program files\GRETECH
2011-03-22 17:42 . 2011-03-22 17:42 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\ALLConverter
2011-03-22 17:42 . 2011-03-22 17:42 -------- d-----w- c:\program files\ALLConverter PRO
2011-03-22 17:42 . 2011-03-22 17:48 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\ALLPlayer
2011-03-22 17:41 . 2007-10-07 09:36 258048 ----a-w- c:\windows\system32\libFLAC.dll
2011-03-22 17:41 . 2011-03-22 17:42 -------- d-----w- c:\program files\OpenSubtitlesPlayer
2011-03-22 05:45 . 2011-03-22 05:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-21 06:08 . 1998-07-30 07:51 305152 ----a-w- c:\windows\IsUninst.exe
2011-03-18 10:29 . 2011-03-18 10:29 -------- d-----w- c:\documents and settings\ALI\IGC
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 07:11 . 2011-02-21 07:11 286720 ----a-w- c:\windows\iun503.exe
2011-02-20 08:33 . 2011-02-20 10:25 295424 ----a-w- c:\windows\system32\termsrv.dll
.
.
------- Sigcheck -------
.
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-02-20 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-07_06.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-22 05:43 . 2011-03-22 05:47 25852 c:\windows\system32\Restore\rstrlog.dat
+ 2011-03-26 06:21 . 2011-03-26 06:21 6820 c:\windows\system32\d3d9caps.dat
+ 2010-12-25 20:25 . 2010-12-07 14:22 810496 c:\windows\system32\xvidcore.dll
+ 2011-04-01 07:10 . 2011-04-01 07:10 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-04-01 07:10 . 2011-04-01 07:10 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll
+ 2007-01-04 09:26 . 2011-04-12 16:40 992288 c:\windows\system32\drivers\fidbox2.dat
+ 2011-03-21 17:02 . 2011-03-21 17:02 4792320 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2007-01-04 09:26 . 2011-04-12 16:40 39153440 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2010-11-12 11:06 2646528 ------w- c:\program files\TheChatPhone Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 06:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-25 3179952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2011-02-26 18:11 1022464 ----a-w- c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 08:17 136176 ----atw- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 20:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 05:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 11:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 11:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-01 04:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2/21/2007 5:26 PM 151552]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 23:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-MAGMA-ALI.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-03 22:44]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]
.
2011-04-12 c:\windows\Tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchAssistant =
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
LSP: c:\windows\system32\idmmbc.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 21:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,30,54,38,b7,c2,50,fb,0c,2d,86,33,90,5f,38,9c,4b,aa,0d,04,13,
1b,a7,08,15,1b,18,b4,3e,3e,5f,28,a6,db,9d,3e,4b,a6,99,5a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{80d28757-c52c-4bc2-b1b9-28e250ffaaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,eb,6d,27,42,80,c2,b8,87,b7,e9,22,b2,b5,0c,95,0d,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(588)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-04-12 21:48:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 16:48
ComboFix2.txt 2011-03-18 06:32
ComboFix3.txt 2011-02-20 11:00
ComboFix4.txt 2011-02-09 09:49
ComboFix5.txt 2011-04-12 16:33
.
Pre-Run: 2,630,664,192 bytes free
Post-Run: 2,706,141,184 bytes free
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E6EBF0D6365DC6D47C6D5FA21DC436DD
-
How are things running now?
You are waiting too long between replies; I'll lock this topic in a few days if you don't return.
Since it's been so long, can you delete your copy of OTL.exe.
Re-download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
- Close all windows and double click on OTL.exe to run it
- Select "Use Safelist" under 'Extra Registry'
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
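As an added example for readers following this thread (it is not code from OTL, ComboFix or either poster), here is a small Python triage script for the kind of log the helper is asking for. It reads the autostart and browser lines those tools print (OTL's O2/O3/O4/O10/O16 items and its HKLM/HKCU start pages, ComboFix's mStart Page/uStart Page and LSP: lines) and pulls out what a removal helper scans for first: modules with no company name (OTL prints an empty "()" after the path), entries whose target is gone ("File not found", "No CLSID value found", "Reg Error"), Winsock LSP entries, which matter here because a stale LSP is one way a machine loses network access while everything else keeps working, and a machine-wide IE start page that differs from the user's one. The sample log is constructed in OTL's format with placeholder product names and GUIDs; the reason strings and the "no company name" heuristic are this example's own choices, not anything the tools define.

```python
"""Triage helper for OTL / ComboFix style scan logs (added example)."""
import re
from typing import Dict, List

Finding = Dict[str, str]

# Line patterns in the two log formats.
OTL_ITEM = re.compile(r"^(O\d+) - (.*)$")
OTL_START_PAGE = re.compile(r"^IE - (HKLM|HKCU)\\.*\\Main,Start Page = (\S+)\s*$")
CF_START_PAGE = re.compile(r"^([mu])Start Page = (\S+)\s*$")   # m = machine, u = user
CF_LSP = re.compile(r"^LSP: (.+)$")
TRAILING_COMPANY = re.compile(r"\(([^()]*)\)\s*$")             # "(Vendor)" or "()" at end of line
DANGLING = ("File not found", "No CLSID value found", "Reg Error")

# Reason strings are this example's own labels.
NO_COMPANY = "module has no company name"
LSP = "Winsock LSP hooked into the network stack; verify the vendor before removing"


def triage(log_text: str) -> List[Finding]:
    """Return the entries in an OTL or ComboFix log excerpt that deserve a look."""
    findings: List[Finding] = []
    start_pages: Dict[str, str] = {}

    for raw in log_text.splitlines():
        line = raw.strip()

        # Start pages are compared across hives after the loop.
        m = OTL_START_PAGE.match(line) or CF_START_PAGE.match(line)
        if m:
            hive = {"m": "HKLM", "u": "HKCU"}.get(m.group(1), m.group(1))
            start_pages[hive] = m.group(2)
            continue

        # ComboFix lists Winsock LSPs on their own line.
        if CF_LSP.match(line):
            findings.append({"section": "LSP", "reason": LSP, "line": line})
            continue

        m = OTL_ITEM.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        hit = next((d for d in DANGLING if d in body), None)
        if hit:
            findings.append({"section": section, "reason": f"dangling entry: {hit}", "line": line})
            continue
        if section == "O10":            # OTL's O10 items are Protocol_Catalog9 (LSP) entries
            findings.append({"section": section, "reason": LSP, "line": line})
            continue
        company = TRAILING_COMPANY.search(body)
        if company and not company.group(1).strip():
            findings.append({"section": section, "reason": NO_COMPANY, "line": line})

    hklm, hkcu = start_pages.get("HKLM"), start_pages.get("HKCU")
    if hklm and hkcu and hklm != hkcu:
        findings.append({
            "section": "StartPage",
            "reason": f"machine-wide start page {hklm} differs from the user's {hkcu}",
            "line": f"HKLM Start Page = {hklm}",
        })
    return findings


# Constructed sample in OTL's line format; product names and GUIDs are placeholders.
SAMPLE_OTL = r"""IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bundled-toolbar.invalid
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (Vendor IE Protection) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Vendor\Helper.dll (Vendor Ltd.)
O2 - BHO: (Bundled Toolbar) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Bundled Toolbar\tbcore.dll ()
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000003} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bundled Toolbar) - {00000000-0000-0000-0000-000000000004} - C:\Program Files\Bundled Toolbar\tbcore.dll ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Downloader] C:\Program Files\Downloader\dl.exe (Downloader Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\dlmbc.dll (Downloader Inc.)
O16 - DPF: {00000000-0000-0000-0000-000000000005} http://downloads.example.invalid/gp.cab (Reg Error: Key error.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Run it against a saved OTL.txt by passing the file's contents to triage(). The output is a reading list, not a removal list: an empty company name only means the binary ships without version info, and an LSP from a known download manager is normal, so each hit still needs the vendor and path checked before anything is fixed.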
-
Sorry, I was checking whether the system works normally or not.
But after the last run of ComboFix with the script you mentioned, the problem arises again.
Here are the logs:
******************************************************************************************************************
OTL logfile created on: 4/13/2011 6:35:11 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 1.25 Gb Free Space | 4.99% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.53 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.61 Gb Free Space | 3.23% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.65 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive G: | 6.34 Gb Total Space | 0.59 Gb Free Space | 9.36% Space Free | Partition Type: FAT32
Drive H: | 12.64 Gb Total Space | 6.53 Gb Free Space | 51.67% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 12.97 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
PRC - [2010/12/26 01:31:49 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/11/12 16:06:50 | 000,197,632 | ---- | M] () -- C:\Program Files\TheChatPhone Toolbar\TbHelper2.exe
PRC - [2009/10/15 14:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/11/10 01:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2004/09/01 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
MOD - [2009/03/26 20:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/09/01 13:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/11/10 01:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
========== Driver Services (SafeList) ==========
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/05/30 18:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/03/26 16:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/03 01:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.2009p
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b1
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/28 23:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/28 23:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/02/03 13:48:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Extensions
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Sunbird\Profiles\02738zse.default\extensions
[2011/02/03 13:48:42 | 000,000,000 | ---D | M] (Lightning stub extension for Sunbird) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2011/02/03 13:48:42 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\[email protected]
[2011/03/22 22:45:06 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchostpl.xml
O1 HOSTS File: ([2011/04/12 21:41:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 23:49:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/13 15:24:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/04/12 22:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/04/12 22:03:33 | 000,000,000 | ---D | C] -- C:\extensions
[2011/04/12 21:50:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/12 21:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeGamePick.com
[2011/04/11 03:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FreeGamePick.com
[2011/04/09 11:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\MYIE2
[2011/04/08 12:47:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ALI\Recent
[2011/04/05 13:11:50 | 000,000,000 | ---D | C] -- C:\control
[2011/04/04 12:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pocket Tanks Deluxe
[2011/04/04 12:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pocket Tanks Deluxe
[2011/04/02 15:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\All Video Joiner
[2011/04/02 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\All Video Joiner
[2011/04/01 12:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/30 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Desktop\2011 Muzik
[2011/03/29 16:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/27 16:50:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/24 20:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\GomPlayer
[2011/03/24 20:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\GRETECH
[2011/03/24 20:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2011/03/24 20:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/03/23 22:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Desktop\Den
[2011/03/22 22:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/22 22:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ALLConverter PRO
[2011/03/22 22:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ALLConverter
[2011/03/22 22:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\ALLConverter PRO
[2011/03/22 22:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSubtitlesPlayer
[2011/03/22 22:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ALLPlayer
[2011/03/22 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSubtitlesPlayer
[2011/03/21 11:08:30 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/03/18 15:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\IGC
[2011/03/18 11:19:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/13 18:31:54 | 039,447,328 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/13 18:23:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
[2011/04/13 18:02:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 15:35:50 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
[2011/04/13 15:28:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/04/13 15:18:11 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 15:18:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 15:18:05 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 15:13:16 | 000,992,288 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/04/13 15:13:16 | 000,556,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/13 15:13:16 | 000,109,940 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/04/13 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAGMA-ALI.job
[2011/04/12 23:38:44 | 000,014,590 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Don_t_be_afraid_of_the_dark_Eng_2011_DVDrip_XvID-[Fenopy.eu].torrent
[2011/04/12 22:05:01 | 000,016,773 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\The.Girl.With.The.Dragon.Tattoo[2009]DvDrip-aXXo.5670645.TPB.torrent
[2011/04/12 22:01:51 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/12 22:00:49 | 000,033,770 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\26A4D05CA746E2A4DA00180181965311ABCF04C6.torrent
[2011/04/12 21:58:01 | 000,028,534 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Don__039_t_Be_Afraid_of_The_Dark_DVD_rip_avi.torrent
[2011/04/12 21:41:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/12 16:09:41 | 000,035,295 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Fraz Ali _CV latest.pdf
[2011/04/12 15:44:04 | 001,428,174 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\165621710161870_32760.mp4
[2011/04/12 02:44:25 | 010,488,748 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\137651706308368_25484.mp4
[2011/04/12 01:50:18 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\ALI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 13:23:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
[2011/04/11 03:03:02 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Chess Mafia.lnk
[2011/04/10 15:54:36 | 000,470,601 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\IELTS Preparation Tips.mht
[2011/04/09 15:23:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 11:43:36 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\MYIE2.lnk
[2011/04/07 11:13:42 | 000,032,721 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\DP_AnnualAccounts_2009.pdf
[2011/04/06 13:57:03 | 000,447,676 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\232.pdf
[2011/04/05 13:14:12 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to edict.lnk
[2011/04/05 02:27:42 | 000,156,547 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\assessment-levels.pdf
[2011/04/04 12:50:58 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Pocket Tanks Deluxe.lnk
[2011/04/02 15:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\All Video Joiner.lnk
[2011/04/02 00:57:47 | 000,966,016 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\IELTSApplicationFormNovember2010.pdf
[2011/04/01 14:15:27 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/03/27 20:39:16 | 000,065,649 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\scan0114.jpg
[2011/03/26 19:55:49 | 000,865,555 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\AEO Newsletter 1-2011.pdf
[2011/03/26 11:21:37 | 000,006,820 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 20:29:24 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/03/23 21:41:40 | 000,094,639 | ---- | M] () -- C:\Documents and Settings\ALI\My Documents\Technical-Jobs-in-Islamabad-Based-Construction-Company.jpg
[2011/03/22 22:42:49 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLConverter PRO.lnk
[2011/03/22 22:42:49 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALLConverter PRO.lnk
[2011/03/22 22:42:22 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:42:22 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\OpenSubtitlesPlayer V4.6.lnk
[2011/03/18 11:15:30 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2011/03/17 11:34:37 | 000,334,731 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Techlogix-Pakistan-Jobs.JPG
[2011/03/17 11:34:07 | 000,495,072 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Pizza-Hut-Pakistan-Jobs.JPG
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/12 23:38:43 | 000,014,590 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Don_t_be_afraid_of_the_dark_Eng_2011_DVDrip_XvID-[Fenopy.eu].torrent
[2011/04/12 22:05:01 | 000,016,773 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\The.Girl.With.The.Dragon.Tattoo[2009]DvDrip-aXXo.5670645.TPB.torrent
[2011/04/12 22:00:49 | 000,033,770 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\26A4D05CA746E2A4DA00180181965311ABCF04C6.torrent
[2011/04/12 21:58:00 | 000,028,534 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Don__039_t_Be_Afraid_of_The_Dark_DVD_rip_avi.torrent
[2011/04/12 16:10:39 | 000,035,295 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Fraz Ali _CV latest.pdf
[2011/04/12 15:43:31 | 001,428,174 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\165621710161870_32760.mp4
[2011/04/12 02:41:29 | 010,488,748 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\137651706308368_25484.mp4
[2011/04/11 03:03:02 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Chess Mafia.lnk
[2011/04/10 15:54:27 | 000,470,601 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\IELTS Preparation Tips.mht
[2011/04/09 11:43:36 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\MYIE2.lnk
[2011/04/07 11:13:42 | 000,032,721 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\DP_AnnualAccounts_2009.pdf
[2011/04/06 13:56:53 | 000,447,676 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\232.pdf
[2011/04/05 13:14:12 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to edict.lnk
[2011/04/05 02:27:20 | 000,156,547 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\assessment-levels.pdf
[2011/04/04 12:50:58 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Pocket Tanks Deluxe.lnk
[2011/04/02 15:43:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\All Video Joiner.lnk
[2011/04/02 00:56:08 | 000,966,016 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\IELTSApplicationFormNovember2010.pdf
[2011/03/29 16:43:16 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/03/27 20:39:25 | 000,065,649 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\scan0114.jpg
[2011/03/26 19:55:29 | 000,865,555 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\AEO Newsletter 1-2011.pdf
[2011/03/26 11:21:37 | 000,006,820 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 20:29:24 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/03/23 21:39:08 | 000,094,639 | ---- | C] () -- C:\Documents and Settings\ALI\My Documents\Technical-Jobs-in-Islamabad-Based-Construction-Company.jpg
[2011/03/22 22:42:49 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLConverter PRO.lnk
[2011/03/22 22:42:49 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALLConverter PRO.lnk
[2011/03/22 22:42:22 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:42:22 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:41:56 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011/03/22 10:53:22 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/17 11:34:37 | 000,334,731 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Techlogix-Pakistan-Jobs.JPG
[2011/03/17 11:34:07 | 000,495,072 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Pizza-Hut-Pakistan-Jobs.JPG
[2011/02/22 15:49:08 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini
[2011/02/22 15:49:08 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini
[2011/02/15 13:27:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/02/07 11:12:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/07 11:12:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/07 11:12:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/07 11:12:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/07 11:12:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/06 17:18:44 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2011/02/06 17:18:44 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2011/02/06 17:18:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2011/02/06 17:18:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2011/01/24 19:39:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pwdremover.dat
[2011/01/24 19:39:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\verypdf.ini
[2011/01/21 16:11:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2011/01/14 17:09:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/01/14 17:09:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/01/14 17:09:27 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/01/14 17:09:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2011/01/14 15:59:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2011/01/08 17:52:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/26 01:35:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\ALI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/26 01:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/26 01:28:18 | 003,568,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/26 01:26:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/26 01:25:58 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/26 01:25:58 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/12/26 01:25:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/26 01:25:57 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/12/26 01:25:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/26 01:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2010/12/26 01:19:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/12/26 01:17:48 | 000,021,896 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/12/26 01:11:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/26 01:09:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/12/26 01:09:03 | 000,128,813 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/26 01:08:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/12/26 01:07:56 | 000,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/12/26 01:07:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/12/25 23:51:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/25 23:46:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/05 16:18:24 | 000,013,924 | ---- | C] () -- C:\WINDOWS\System32\drivers\klop.dat
[2007/01/04 14:26:24 | 000,082,061 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2007/01/04 14:26:24 | 000,081,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2007/01/04 14:26:04 | 039,447,328 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/01/04 14:26:04 | 000,992,288 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2004/09/01 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/01 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/01 13:00:00 | 000,395,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/01 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/01 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/01 13:00:00 | 000,059,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/01 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/01 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/01 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/09/01 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/01 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/01 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/09/01 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
[color="#FF0000"]*****************************************************************************************************[/color]
OTL Extras logfile created on: 4/13/2011 6:35:11 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 1.25 Gb Free Space | 4.99% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.53 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.61 Gb Free Space | 3.23% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.65 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive G: | 6.34 Gb Total Space | 0.59 Gb Free Space | 9.36% Space Free | Partition Type: FAT32
Drive H: | 12.64 Gb Total Space | 6.53 Gb Free Space | 51.67% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 12.97 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 7.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64417030-62FB-42EE-99AD-02231A56E862}" = BomberMan Collection
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"All Video Joiner_is1" = All Video Joiner 3.6
"Ambush Pack for Pocket Tanks Deluxe_is1" = Ambush Pack 1.00 for Pocket Tanks Deluxe
"ATI Display Driver" = ATI Display Driver
"Audio File Cutter_is1" = Audio File Cutter 3.40
"BurstCopy_is1" = BurstCopy v2.700
"Chaos Pack for Pocket Tanks Deluxe_is1" = Chaos Pack 1.00 for Pocket Tanks Deluxe
"Chess Mafia_is1" = Chess Mafia
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EWED 2000 A" = Microsoft Encarta World English Dictionary
"Flamethrower Pack for Pocket Tanks Deluxe_is1" = Flamethrower Pack 1.00 for Pocket Tanks Deluxe
"Foxit Reader" = Foxit Reader
"Fuzz Pack for Pocket Tanks Deluxe_is1" = Fuzz Pack v1.0 for Pocket Tanks Deluxe
"GOM Player" = GOM Player
"Gravity Pack for Pocket Tanks Deluxe_is1" = Gravity Pack v1.1 for Pocket Tanks Deluxe
"ie8" = Windows Internet Explorer 8
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Magic Pack for Pocket Tanks Deluxe_is1" = Magic Pack v1.0 for Pocket Tanks Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MYIE2" = MYIE2 Browser (remove only)
"Nano Pack for Pocket Tanks Deluxe_is1" = Nano Pack v1.0 for Pocket Tanks Deluxe
"Nokia PC Suite" = Nokia PC Suite
"Nuke Pack for Pocket Tanks Deluxe_is1" = Nuke Pack 1.00 for Pocket Tanks Deluxe
"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V4.X
"Party Pack for Pocket Tanks Deluxe_is1" = Party Pack for Pocket Tanks Deluxe
"PDF Password Remover v2.2_is1" = PDF Password Remover v2.2
"Pocket Tanks Deluxe_is1" = Pocket Tanks Deluxe 1.00b
"Product_Name" = TEKKEN 3
"RAR Password Cracker" = RAR Password Cracker 4.12
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.1 for Pocket Tanks Deluxe
"Super Pack for Pocket Tanks Deluxe_is1" = Super Pack v1.11 for Pocket Tanks Deluxe
"TheChatPhone Toolbar" = TheChatPhone Toolbar
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/2/2011 11:41:28 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0ecdadb2.
Error - 2/3/2011 6:13:49 AM | Computer Name = MAGMA | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/3/2011 6:45:51 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/3/2011 1:28:43 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x175d15ca.
Error - 2/4/2011 12:22:18 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x003475d1.
Error - 2/5/2011 5:04:52 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 2/5/2011 6:45:04 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x189da8a2.
Error - 2/6/2011 7:50:34 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/6/2011 8:33:11 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0e22f892.
Error - 2/6/2011 8:37:22 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x100cfcb2.
[ Application Events ]
Error - 2/2/2011 11:41:28 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0ecdadb2.
Error - 2/3/2011 6:13:49 AM | Computer Name = MAGMA | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/3/2011 6:45:51 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/3/2011 1:28:43 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x175d15ca.
Error - 2/4/2011 12:22:18 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x003475d1.
Error - 2/5/2011 5:04:52 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 2/5/2011 6:45:04 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x189da8a2.
Error - 2/6/2011 7:50:34 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.21
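The Application Error entries above show svchost.exe faulting at the same address, 0xee2386ab, in an unknown module on 2/3 and 2/6, next to several iexplore.exe crashes at varying addresses and one record with an empty application name. Shared services such as the audio service and the DHCP client run inside svchost.exe instances, so one crash of the hosting process stops every service in it at once, which is worth correlating with the audio and network symptoms reported in this thread. The script below is an added example, not part of the original thread and not OTL's own code: it parses event records in the two-line format OTL emits (an "Error - ..." header followed by a wrapped Description), groups the ID 1000 faults by process, module and fault address, and flags repeats in unknown modules and crashes in host processes. The sample log is constructed from the entries above, and the SYSTEM_HOSTS set and the flagging rules are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the OTL "Application Events" records above.
SAMPLE_LOG = """\
[ Application Events ]
Error - 2/2/2011 11:41:28 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0ecdadb2.
Error - 2/3/2011 6:13:49 AM | Computer Name = MAGMA | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/3/2011 6:45:51 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/4/2011 12:22:18 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x003475d1.
Error - 2/5/2011 5:04:52 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 2/6/2011 7:50:34 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Event 1000 text; the application name may be empty, as in the 2/5 record.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S*?), version (?P<appver>\S+), "
    r"faulting module (?P<module>\S+), version (?P<modver>\S+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)"
)
HANG_RE = re.compile(r"Hanging application (?P<app>\S+), version")

# Assumed list of processes that host services or the shell: a crash in one of
# these has a wider blast radius than a crash in a single user application.
SYSTEM_HOSTS = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}


def parse_events(text):
    """Turn OTL event-log text into one dict per 'Error - ...' record."""
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif current is not None and line and not line.startswith("["):
            # OTL wraps the Description over several lines; re-join them.
            current["description"] = (current["description"] + " " + line).strip()
    for ev in events:
        desc = ev["description"]
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        fault = FAULT_RE.search(desc)
        hang = HANG_RE.search(desc)
        if fault:
            ev.update(kind="fault", **fault.groupdict())
        elif hang:
            ev.update(kind="hang", app=hang.group("app"))
        else:
            ev["kind"] = "other"
    return events


def triage(events):
    """Group ID 1000 faults by (app, module, address) and attach reasons to chase."""
    groups = defaultdict(list)
    for ev in events:
        if ev["kind"] == "fault" and ev["id"] == 1000:
            groups[(ev["app"], ev["module"], ev["addr"].lower())].append(ev)
    findings = []
    for (app, module, addr), evs in sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        reasons = []
        if module == "unknown" and len(evs) > 1:
            reasons.append("repeated fault at the same address in an unknown module")
        if app in SYSTEM_HOSTS:
            reasons.append("crash in a service/shell host process")
        if not app:
            reasons.append("empty application name")
        findings.append({"app": app, "module": module, "addr": addr,
                         "count": len(evs), "when": [e["when"] for e in evs],
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_LOG)):
        flag = "!!" if f["reasons"] else "  "
        print(f"{flag} {f['count']}x {f['app'] or '<empty>'} {f['module']} {f['addr']}  {'; '.join(f['reasons'])}")
```

Run it against a pasted OTL Extras log by replacing SAMPLE_LOG with the file contents; entries are sorted so the most repeated fault signature comes first, and any signature with a non-empty reasons list is the one to pull a crash dump or module list for next.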
-
[size="4"][color="#0000FF"]Sorry, I was checking whether the system works normally or not.[/color][/size]
[size="4"][color="#0000FF"]But after the last run of ComboFix with the script you mentioned, the problem arises again.[/color][/size]
Here are the logs:
******************************************************************************************************************
OTL logfile created on: 4/13/2011 6:35:11 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 1.25 Gb Free Space | 4.99% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.53 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.61 Gb Free Space | 3.23% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.65 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive G: | 6.34 Gb Total Space | 0.59 Gb Free Space | 9.36% Space Free | Partition Type: FAT32
Drive H: | 12.64 Gb Total Space | 6.53 Gb Free Space | 51.67% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 12.97 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color="#E56717"]========== Processes (SafeList) ==========[/color]
PRC - [2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
PRC - [2010/12/26 01:31:49 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/11/12 16:06:50 | 000,197,632 | ---- | M] () -- C:\Program Files\TheChatPhone Toolbar\TbHelper2.exe
PRC - [2009/10/15 14:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/11/10 01:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2004/09/01 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color="#E56717"]========== Modules (SafeList) ==========[/color]
MOD - [2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
MOD - [2009/03/26 20:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/09/01 13:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/11/10 01:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
[color="#E56717"]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/05/30 18:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/03/26 16:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/03 01:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]
[color="#E56717"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color="#E56717"]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: [email protected]:1.2009p
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b1
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/28 23:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/28 23:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/02/03 13:48:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Extensions
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011/02/03 13:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI\Application Data\Mozilla\Sunbird\Profiles\02738zse.default\extensions
[2011/02/03 13:48:42 | 000,000,000 | ---D | M] (Lightning stub extension for Sunbird) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2011/02/03 13:48:42 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\MOZILLA SUNBIRD\EXTENSIONS\[email protected]
[2011/03/22 22:45:06 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchostpl.xml
O1 HOSTS File: ([2011/04/12 21:41:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 23:49:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/04/13 15:24:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/04/12 22:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/04/12 22:03:33 | 000,000,000 | ---D | C] -- C:\extensions
[2011/04/12 21:50:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/12 21:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeGamePick.com
[2011/04/11 03:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FreeGamePick.com
[2011/04/09 11:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\MYIE2
[2011/04/08 12:47:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ALI\Recent
[2011/04/05 13:11:50 | 000,000,000 | ---D | C] -- C:\control
[2011/04/04 12:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pocket Tanks Deluxe
[2011/04/04 12:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pocket Tanks Deluxe
[2011/04/02 15:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\All Video Joiner
[2011/04/02 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\All Video Joiner
[2011/04/01 12:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/30 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Desktop\2011 Muzik
[2011/03/29 16:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/27 16:50:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/24 20:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\GomPlayer
[2011/03/24 20:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\GRETECH
[2011/03/24 20:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2011/03/24 20:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/03/23 22:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Desktop\Den
[2011/03/22 22:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/22 22:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ALLConverter PRO
[2011/03/22 22:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ALLConverter
[2011/03/22 22:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\ALLConverter PRO
[2011/03/22 22:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSubtitlesPlayer
[2011/03/22 22:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ALLPlayer
[2011/03/22 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSubtitlesPlayer
[2011/03/21 11:08:30 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/03/18 15:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\IGC
[2011/03/18 11:19:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]
[2011/04/13 18:31:54 | 039,447,328 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/13 18:23:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
[2011/04/13 18:02:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 15:35:50 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
[2011/04/13 15:28:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/13 15:24:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/04/13 15:18:11 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 15:18:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 15:18:05 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 15:13:16 | 000,992,288 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/04/13 15:13:16 | 000,556,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/13 15:13:16 | 000,109,940 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/04/13 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAGMA-ALI.job
[2011/04/12 23:38:44 | 000,014,590 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Don_t_be_afraid_of_the_dark_Eng_2011_DVDrip_XvID-[Fenopy.eu].torrent
[2011/04/12 22:05:01 | 000,016,773 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\The.Girl.With.The.Dragon.Tattoo[2009]DvDrip-aXXo.5670645.TPB.torrent
[2011/04/12 22:01:51 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/12 22:00:49 | 000,033,770 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\26A4D05CA746E2A4DA00180181965311ABCF04C6.torrent
[2011/04/12 21:58:01 | 000,028,534 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Don__039_t_Be_Afraid_of_The_Dark_DVD_rip_avi.torrent
[2011/04/12 21:41:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/12 16:09:41 | 000,035,295 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Fraz Ali _CV latest.pdf
[2011/04/12 15:44:04 | 001,428,174 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\165621710161870_32760.mp4
[2011/04/12 02:44:25 | 010,488,748 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\137651706308368_25484.mp4
[2011/04/12 01:50:18 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\ALI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 13:23:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
[2011/04/11 03:03:02 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Chess Mafia.lnk
[2011/04/10 15:54:36 | 000,470,601 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\IELTS Preparation Tips.mht
[2011/04/09 15:23:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 11:43:36 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\MYIE2.lnk
[2011/04/07 11:13:42 | 000,032,721 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\DP_AnnualAccounts_2009.pdf
[2011/04/06 13:57:03 | 000,447,676 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\232.pdf
[2011/04/05 13:14:12 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to edict.lnk
[2011/04/05 02:27:42 | 000,156,547 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\assessment-levels.pdf
[2011/04/04 12:50:58 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Pocket Tanks Deluxe.lnk
[2011/04/02 15:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\All Video Joiner.lnk
[2011/04/02 00:57:47 | 000,966,016 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\IELTSApplicationFormNovember2010.pdf
[2011/04/01 14:15:27 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/03/27 20:39:16 | 000,065,649 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\scan0114.jpg
[2011/03/26 19:55:49 | 000,865,555 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\AEO Newsletter 1-2011.pdf
[2011/03/26 11:21:37 | 000,006,820 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 20:29:24 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/03/23 21:41:40 | 000,094,639 | ---- | M] () -- C:\Documents and Settings\ALI\My Documents\Technical-Jobs-in-Islamabad-Based-Construction-Company.jpg
[2011/03/22 22:42:49 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLConverter PRO.lnk
[2011/03/22 22:42:49 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALLConverter PRO.lnk
[2011/03/22 22:42:22 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:42:22 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\OpenSubtitlesPlayer V4.6.lnk
[2011/03/18 11:15:30 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2011/03/17 11:34:37 | 000,334,731 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Techlogix-Pakistan-Jobs.JPG
[2011/03/17 11:34:07 | 000,495,072 | ---- | M] () -- C:\Documents and Settings\ALI\Desktop\Pizza-Hut-Pakistan-Jobs.JPG
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color="#E56717"]========== Files Created - No Company Name ==========[/color]
[2011/04/12 23:38:43 | 000,014,590 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Don_t_be_afraid_of_the_dark_Eng_2011_DVDrip_XvID-[Fenopy.eu].torrent
[2011/04/12 22:05:01 | 000,016,773 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\The.Girl.With.The.Dragon.Tattoo[2009]DvDrip-aXXo.5670645.TPB.torrent
[2011/04/12 22:00:49 | 000,033,770 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\26A4D05CA746E2A4DA00180181965311ABCF04C6.torrent
[2011/04/12 21:58:00 | 000,028,534 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Don__039_t_Be_Afraid_of_The_Dark_DVD_rip_avi.torrent
[2011/04/12 16:10:39 | 000,035,295 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Fraz Ali _CV latest.pdf
[2011/04/12 15:43:31 | 001,428,174 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\165621710161870_32760.mp4
[2011/04/12 02:41:29 | 010,488,748 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\137651706308368_25484.mp4
[2011/04/11 03:03:02 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Chess Mafia.lnk
[2011/04/10 15:54:27 | 000,470,601 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\IELTS Preparation Tips.mht
[2011/04/09 11:43:36 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\MYIE2.lnk
[2011/04/07 11:13:42 | 000,032,721 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\DP_AnnualAccounts_2009.pdf
[2011/04/06 13:56:53 | 000,447,676 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\232.pdf
[2011/04/05 13:14:12 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to edict.lnk
[2011/04/05 02:27:20 | 000,156,547 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\assessment-levels.pdf
[2011/04/04 12:50:58 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Pocket Tanks Deluxe.lnk
[2011/04/02 15:43:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\All Video Joiner.lnk
[2011/04/02 00:56:08 | 000,966,016 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\IELTSApplicationFormNovember2010.pdf
[2011/03/29 16:43:16 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/03/27 20:39:25 | 000,065,649 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\scan0114.jpg
[2011/03/26 19:55:29 | 000,865,555 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\AEO Newsletter 1-2011.pdf
[2011/03/26 11:21:37 | 000,006,820 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 20:29:24 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/03/23 21:39:08 | 000,094,639 | ---- | C] () -- C:\Documents and Settings\ALI\My Documents\Technical-Jobs-in-Islamabad-Based-Construction-Company.jpg
[2011/03/22 22:42:49 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLConverter PRO.lnk
[2011/03/22 22:42:49 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALLConverter PRO.lnk
[2011/03/22 22:42:22 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\ALI\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:42:22 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\OpenSubtitlesPlayer V4.6.lnk
[2011/03/22 22:41:56 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011/03/22 10:53:22 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/17 11:34:37 | 000,334,731 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Techlogix-Pakistan-Jobs.JPG
[2011/03/17 11:34:07 | 000,495,072 | ---- | C] () -- C:\Documents and Settings\ALI\Desktop\Pizza-Hut-Pakistan-Jobs.JPG
[2011/02/22 15:49:08 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini
[2011/02/22 15:49:08 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini
[2011/02/15 13:27:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/02/07 11:12:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/07 11:12:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/07 11:12:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/07 11:12:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/07 11:12:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/06 17:18:44 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2011/02/06 17:18:44 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2011/02/06 17:18:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2011/02/06 17:18:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2011/01/24 19:39:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pwdremover.dat
[2011/01/24 19:39:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\verypdf.ini
[2011/01/21 16:11:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2011/01/14 17:09:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/01/14 17:09:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/01/14 17:09:27 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/01/14 17:09:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2011/01/14 15:59:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2011/01/08 17:52:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/26 01:35:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\ALI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/26 01:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/26 01:28:18 | 003,568,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/26 01:26:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/26 01:25:58 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/26 01:25:58 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/12/26 01:25:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/26 01:25:57 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/12/26 01:25:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/26 01:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2010/12/26 01:19:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/12/26 01:17:48 | 000,021,896 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/12/26 01:11:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/26 01:09:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/12/26 01:09:03 | 000,128,813 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/26 01:08:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/12/26 01:07:56 | 000,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/12/26 01:07:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/12/25 23:51:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/25 23:46:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/05 16:18:24 | 000,013,924 | ---- | C] () -- C:\WINDOWS\System32\drivers\klop.dat
[2007/01/04 14:26:24 | 000,082,061 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2007/01/04 14:26:24 | 000,081,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2007/01/04 14:26:04 | 039,447,328 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/01/04 14:26:04 | 000,992,288 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2004/09/01 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/01 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/01 13:00:00 | 000,395,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/01 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/01 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/01 13:00:00 | 000,059,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/01 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/01 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/01 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/09/01 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/01 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/01 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/09/01 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[color="#E56717"]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
[color="#FF0000"]*****************************************************************************************************[/color]
OTL Extras logfile created on: 4/13/2011 6:35:11 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 1.25 Gb Free Space | 4.99% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.53 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.61 Gb Free Space | 3.23% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.65 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive G: | 6.34 Gb Total Space | 0.59 Gb Free Space | 9.36% Space Free | Partition Type: FAT32
Drive H: | 12.64 Gb Total Space | 6.53 Gb Free Space | 51.67% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 12.97 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]
[color="#E56717"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[color="#E56717"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color="#E56717"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color="#E56717"]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color="#E56717"]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[color="#E56717"]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 7.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64417030-62FB-42EE-99AD-02231A56E862}" = BomberMan Collection
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"All Video Joiner_is1" = All Video Joiner 3.6
"Ambush Pack for Pocket Tanks Deluxe_is1" = Ambush Pack 1.00 for Pocket Tanks Deluxe
"ATI Display Driver" = ATI Display Driver
"Audio File Cutter_is1" = Audio File Cutter 3.40
"BurstCopy_is1" = BurstCopy v2.700
"Chaos Pack for Pocket Tanks Deluxe_is1" = Chaos Pack 1.00 for Pocket Tanks Deluxe
"Chess Mafia_is1" = Chess Mafia
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EWED 2000 A" = Microsoft Encarta World English Dictionary
"Flamethrower Pack for Pocket Tanks Deluxe_is1" = Flamethrower Pack 1.00 for Pocket Tanks Deluxe
"Foxit Reader" = Foxit Reader
"Fuzz Pack for Pocket Tanks Deluxe_is1" = Fuzz Pack v1.0 for Pocket Tanks Deluxe
"GOM Player" = GOM Player
"Gravity Pack for Pocket Tanks Deluxe_is1" = Gravity Pack v1.1 for Pocket Tanks Deluxe
"ie8" = Windows Internet Explorer 8
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Magic Pack for Pocket Tanks Deluxe_is1" = Magic Pack v1.0 for Pocket Tanks Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MYIE2" = MYIE2 Browser (remove only)
"Nano Pack for Pocket Tanks Deluxe_is1" = Nano Pack v1.0 for Pocket Tanks Deluxe
"Nokia PC Suite" = Nokia PC Suite
"Nuke Pack for Pocket Tanks Deluxe_is1" = Nuke Pack 1.00 for Pocket Tanks Deluxe
"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V4.X
"Party Pack for Pocket Tanks Deluxe_is1" = Party Pack for Pocket Tanks Deluxe
"PDF Password Remover v2.2_is1" = PDF Password Remover v2.2
"Pocket Tanks Deluxe_is1" = Pocket Tanks Deluxe 1.00b
"Product_Name" = TEKKEN 3
"RAR Password Cracker" = RAR Password Cracker 4.12
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.1 for Pocket Tanks Deluxe
"Super Pack for Pocket Tanks Deluxe_is1" = Super Pack v1.11 for Pocket Tanks Deluxe
"TheChatPhone Toolbar" = TheChatPhone Toolbar
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar
[color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
[color="#E56717"]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2/2/2011 11:41:28 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0ecdadb2.
Error - 2/3/2011 6:13:49 AM | Computer Name = MAGMA | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/3/2011 6:45:51 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/3/2011 1:28:43 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x175d15ca.
Error - 2/4/2011 12:22:18 PM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x003475d1.
Error - 2/5/2011 5:04:52 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 2/5/2011 6:45:04 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x189da8a2.
Error - 2/6/2011 7:50:34 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0xee2386ab.
Error - 2/6/2011 8:33:11 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0e22f892.
Error - 2/6/2011 8:37:22 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x100cfcb2.
-
Can you give a little detail of exactly what kind of problems you're having, please?
-
[quote name='guestolo' date='13 April 2011 - 06:53 PM' timestamp='1302702782' post='477963']
Can you give a little detail of exactly what kind of problems you're having, please?
[/quote]
First a message of "Win32 generic host problem" appears, and afterwards my desktop appearance blinks, changes to the classic Windows appearance and then reverts back to its original XP appearance,
but after that my audio stops working and I'm not able to use the internet...
In order to rectify the audio problem I have to go to Control Panel and Add Hardware...
but the LAN/internet problem persists and I have to restart the PC in order to get connected to the internet again.