Spyware ruined my Internet

[faraz]

the Problem i m facing is of strange nature

[color="#FF0000"]while using internet my desktop appearance  blinks changes to classic window appearance & then reverts backs to its original xp appearance[/color]

but after that my audio stops working & i  m not able to use internet......


in order to rectify audio problem i hav to go to control panel and add hardware......


but lan/internet problem persists there & i have to restart the pc in oder to get connect to internet again

while posting this topic i have to restart my pc at least 4 to 5 times

plz help me out of this trouble

***********************************************************************************



Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:09:35 PM, on 1/14/2011Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Internet Download Manager\IDMan.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Documents and Settings\ALI\Desktop\HijackThis.exeR3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dllO2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dllO2 - BHO: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dllO3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dllO4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htmO8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htmO8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htmO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLLO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exeO23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe--End of file - 6668 bytes

[faraz]

I am facing a strange kind of problem......

i hav installed kasper antvirus and one of spyware remover recommended in one of  your topics

 
[color="#FF0000"]but while using internet suddenly appearance of windows xp blinks & changed to classic appearance [/color]
[color="#FF0000"]
[/color]
[color="#FF0000"]but just after a moment it reverts back to original appearance.......[/color].

after this thing my internet stops working as i got diss connected from internet LAN & also the audio driver stops working

and i have to go to "add hardware from control panel " and after this procedure i m able to listen the sound...... but problem remains with lan & i have to restart the system every time in order to get connected with internet....

i am tired of by restarting my system again and again..............


please help me out from this situation......i hav posted my hikack log file above

[faraz]

the Problem i m facing is of strange nature

[color="#FF0000"]while using internet my desktop appearance  blinks changes to classic window appearance & then reverts backs to its original xp appearance[/color]
[color="#FF0000"]
[/color]
but after that my audio stops working & i  m not able to use internet......


in order to rectify audio problem i hav to go to control panel and add hardware......


but lan/internet problem persists there & i have to restart the pc in oder to get connect to internet again


while posting this topic i have to restart my pc at least 3 to 4 times


plz help me out of this trouble

[guestolo]

Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and right click on OTL.exe and choose to "Run as Administrator"
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
  

[faraz]

[quote name='guestolo' date='16 January 2011 - 08:48 PM' timestamp='1295192926' post='474911']
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and right click on OTL.exe and choose to "Run as Administrator"
• Click Run Scan and let the program run uninterrupted.
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

[/quote]

********************************************************************************************************************
upon right click i didnt found any option to run as administrator...........i simply ran it

and i only got this otl.txt and no extras.txt is saved on desktop....

[color="#FF0000"]after this i m not aslo able to c my hidden files[/color]

*************************************************************************

OTL logfile created on: 1/17/2011 2:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.76 Gb Free Space | 43.02% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 0.72 Gb Free Space | 2.89% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 0.79 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.46 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 5.53 Gb Free Space | 1.86% Space Free | Partition Type: NTFS
 
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/01/17 14:04:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
PRC - [2010/12/26 01:31:49 | 003,179,952 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/08/12 17:15:19 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/12 17:15:19 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/15 14:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2004/09/01 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/01/17 14:04:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
MOD - [2009/03/26 20:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/09/01 13:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (xeoeobt)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2010/08/12 17:15:19 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2007/02/21 17:26:40 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/08/12 17:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 17:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/10 23:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/17 23:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/05/30 18:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/03/26 16:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/03 01:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2011/01/15 12:29:12 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 14760 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 23:49:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/01/17 14:05:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALI\Desktop\OTL.exe
[2011/01/16 15:29:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/01/16 15:23:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/01/16 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/01/15 19:53:36 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/01/15 19:53:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/15 03:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/15 03:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/15 03:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/14 21:09:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ALI\Desktop\HijackThis.exe
[2011/01/14 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/14 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\SUPERAntiSpyware.com
[2011/01/14 18:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/14 18:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/14 17:09:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/01/14 17:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/01/14 17:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Simply Super Software
[2011/01/14 16:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Threat Expert
[2011/01/14 15:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/01/14 15:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/10 22:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2011/01/10 22:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\MYIE2
[2011/01/09 21:09:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/01/09 21:08:40 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/01/08 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\skypePM
[2011/01/08 17:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/08 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/08 17:48:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/08 17:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Skype
[2011/01/08 15:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Contacts
[2011/01/08 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\My Received Files
[2011/01/07 21:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\vlc
[2011/01/07 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Graboid_Inc
[2011/01/07 21:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Graboid
[2011/01/07 21:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Geckofx
[2011/01/07 21:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Mozilla
[2011/01/07 21:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/01/07 21:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/01/07 18:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\OneNote Notebooks
[2011/01/07 14:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/01/05 21:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\GetRightToGo
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Conduit
[2011/01/05 21:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Brothersoft
[2011/01/05 21:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ConduitEngine
[2011/01/05 21:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/01/05 21:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Brothersoft
[2011/01/05 12:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\ImTOO
[2011/01/05 12:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2011/01/05 12:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/04 15:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Nokia
[2011/01/04 15:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\PC Suite
[2011/01/04 15:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/01/04 15:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2011/01/04 15:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2011/01/04 15:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/01/04 15:44:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/01/04 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/01/04 15:44:27 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2011/01/04 15:44:26 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2011/01/04 15:44:25 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2011/01/04 15:44:25 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2011/01/04 15:44:25 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2011/01/04 15:44:23 | 000,092,672 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2011/01/04 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/01/04 15:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/01/04 15:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/03 19:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/01/03 19:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/03 19:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/01/03 19:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/03 19:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Adobe
[2011/01/03 15:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/01/01 15:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Encarta
[2011/01/01 15:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Encarta
[2010/12/31 15:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Nitro PDF
[2010/12/31 15:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies
[2010/12/31 15:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/12/31 15:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/31 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Downloaded Installations
[2010/12/31 11:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/12/31 11:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\uTorrent
[2010/12/30 15:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BurstCopy
[2010/12/30 15:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BurstCopy Labs
[2010/12/30 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\BurstCopy
[2010/12/30 15:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2010/12/30 15:34:27 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/12/30 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/12/30 15:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/12/30 15:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/12/30 15:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/12/30 15:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/30 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/12/30 15:28:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/12/30 15:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Microsoft Help
[2010/12/30 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/12/30 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/12/30 15:27:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/12/30 14:53:51 | 000,000,000 | ---D | C] -- C:\new movies
[2010/12/26 14:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\dvdcss
[2010/12/26 13:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\Google Chrome
[2010/12/26 13:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Temp
[2010/12/26 13:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Google
[2010/12/26 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Deployment
[2010/12/26 13:16:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ALI\UserData
[2010/12/26 12:35:00 | 000,000,000 | ---D | C] -- C:\PIX
[2010/12/26 11:07:21 | 000,000,000 | ---D | C] -- C:\D
[2010/12/26 11:07:19 | 000,000,000 | ---D | C] -- C:\COW
[2010/12/26 11:07:16 | 000,000,000 | ---D | C] -- C:\CAM
[2010/12/26 11:07:12 | 000,000,000 | ---D | C] -- C:\Birthday
[2010/12/26 11:00:24 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/12/26 09:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/12/26 01:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Media Player Classic
[2010/12/26 01:32:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/12/26 01:31:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/12/26 01:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/12/26 01:31:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/12/26 01:31:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/12/26 01:31:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/12/26 01:30:59 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2010/12/26 01:30:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/12/26 01:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/12/26 01:30:58 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2010/12/26 01:30:58 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/12/26 01:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/12/26 01:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/12/26 01:30:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2010/12/26 01:30:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2010/12/26 01:30:56 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/12/26 01:30:56 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/12/26 01:30:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/12/26 01:30:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/12/26 01:30:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/12/26 01:30:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/12/26 01:30:54 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/12/26 01:30:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/12/26 01:30:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/12/26 01:30:53 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/12/26 01:30:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/12/26 01:30:53 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/12/26 01:30:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/12/26 01:30:53 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/12/26 01:30:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/12/26 01:30:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/12/26 01:30:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/12/26 01:30:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/12/26 01:30:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/12/26 01:30:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/12/26 01:30:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/12/26 01:30:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/12/26 01:30:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/12/26 01:30:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2010/12/26 01:30:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2010/12/26 01:30:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2010/12/26 01:30:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/12/26 01:30:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/12/26 01:30:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/12/26 01:30:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/12/26 01:30:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/12/26 01:30:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/12/26 01:30:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/12/26 01:30:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/12/26 01:30:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/12/26 01:30:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/12/26 01:30:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/12/26 01:30:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/12/26 01:30:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/12/26 01:30:50 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/12/26 01:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/12/26 01:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/12/26 01:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/12/26 01:30:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/12/26 01:30:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/12/26 01:30:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/12/26 01:30:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/12/26 01:30:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/12/26 01:30:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/12/26 01:30:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/12/26 01:30:49 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/12/26 01:30:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/12/26 01:30:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/12/26 01:30:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/12/26 01:30:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/12/26 01:30:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/12/26 01:30:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/12/26 01:30:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/12/26 01:30:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/12/26 01:30:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/12/26 01:30:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/12/26 01:30:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/12/26 01:30:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/12/26 01:30:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/12/26 01:30:47 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/12/26 01:30:47 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/12/26 01:30:47 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/12/26 01:30:47 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/12/26 01:30:47 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/12/26 01:30:47 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/12/26 01:30:47 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/12/26 01:30:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/12/26 01:30:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/12/26 01:30:47 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/12/26 01:30:47 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/12/26 01:30:47 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/12/26 01:30:46 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/12/26 01:30:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/12/26 01:30:46 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/12/26 01:30:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/12/26 01:30:46 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/12/26 01:30:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/12/26 01:30:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/12/26 01:30:46 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/12/26 01:30:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/12/26 01:30:46 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/12/26 01:30:46 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/12/26 01:30:46 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/12/26 01:30:46 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/12/26 01:30:46 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/12/26 01:30:45 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/12/26 01:30:45 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/12/26 01:30:45 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/12/26 01:30:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/12/26 01:30:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/12/26 01:30:45 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/12/26 01:30:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2010/12/26 01:30:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/12/26 01:30:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/12/26 01:30:44 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/12/26 01:30:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/12/26 01:30:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2010/12/26 01:30:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/12/26 01:30:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/12/26 01:30:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/12/26 01:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/12/26 01:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/12/26 01:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\IDM
[2010/12/26 01:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\My Documents\Downloads
[2010/12/26 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\DMCache
[2010/12/26 01:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2010/12/26 01:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\Internet Download Manager
[2010/12/26 01:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/12/26 01:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\Opera
[2010/12/26 01:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Opera
[2010/12/26 01:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/12/26 01:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/12/26 01:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/12/26 01:28:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/12/26 01:28:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/12/26 01:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2010/12/26 01:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Foxit
[2010/12/26 01:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/12/26 01:28:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/12/26 01:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/12/26 01:26:10 | 000,065,536 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/12/26 01:26:10 | 000,049,152 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/12/26 01:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2010/12/26 01:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/12/26 01:26:01 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/12/26 01:26:01 | 000,176,167 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/12/26 01:26:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/12/26 01:26:01 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/12/26 01:26:00 | 001,650,688 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll
[2010/12/26 01:26:00 | 001,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll
[2010/12/26 01:26:00 | 001,552,384 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll
[2010/12/26 01:26:00 | 001,122,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll
[2010/12/26 01:25:59 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/12/26 01:25:59 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/12/26 01:25:58 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMV9VCM.dll
[2010/12/26 01:25:58 | 001,024,000 | ---- | C] (3ivx.com) -- C:\WINDOWS\System32\3ivx.dll
[2010/12/26 01:25:58 | 000,286,720 | ---- | C] (3ivx.com) -- C:\WINDOWS\System32\3ivxVfWCodec.dll
[2010/12/26 01:25:57 | 001,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2010/12/26 01:25:57 | 000,619,156 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/12/26 01:25:57 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2010/12/26 01:25:57 | 000,200,704 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dtu100.dll
[2010/12/26 01:25:57 | 000,090,112 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpl100.dll
[2010/12/26 01:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/12/26 01:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Real
[2010/12/26 01:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/12/26 01:22:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/12/26 01:22:40 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/12/26 01:22:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/12/26 01:22:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/12/26 01:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/12/26 01:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/26 01:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/12/26 01:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ASUSInstAll
[2010/12/26 01:19:11 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/12/26 01:19:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/12/26 01:19:09 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/12/26 01:19:08 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/12/26 01:19:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/12/26 01:19:07 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/12/26 01:19:06 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/12/26 01:19:06 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/12/26 01:19:05 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/12/26 01:19:04 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/12/26 01:19:03 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/12/26 01:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/12/26 01:18:54 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/12/26 01:18:54 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/12/26 01:18:54 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/12/26 01:18:54 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/12/26 01:18:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/12/26 01:18:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/12/26 01:18:27 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/12/26 01:18:23 | 000,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2010/12/26 01:18:22 | 001,822,720 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/12/26 01:18:22 | 001,191,936 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/12/26 01:18:22 | 000,282,624 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2010/12/26 01:18:20 | 009,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2010/12/26 01:18:19 | 004,395,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/12/26 01:18:17 | 002,157,568 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/12/26 01:18:16 | 000,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010/12/26 01:18:15 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/12/26 01:18:15 | 000,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2010/12/26 01:18:12 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/12/26 01:18:12 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2010/12/26 01:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Local Settings\Application Data\ATI
[2010/12/26 01:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\ATI
[2010/12/26 01:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/12/26 01:15:30 | 000,036,864 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2010/12/26 01:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/12/26 01:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2010/12/26 01:11:37 | 000,130,432 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2010/12/26 01:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/12/26 01:10:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/12/26 01:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/12/26 01:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2010/12/26 01:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Start Menu\Programs\WinRAR
[2010/12/26 01:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/12/26 01:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/12/26 01:09:04 | 000,307,200 | R--- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/12/26 01:09:04 | 000,307,200 | R--- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/12/26 01:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/12/26 01:08:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/26 01:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/12/26 01:06:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/25 23:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI\Application Data\Identities
[2010/12/25 23:56:33 | 000,000,0

[guestolo]

reopen OTL.exe
When it opens, put all selections to NONE
EXCEPT under "Extra Registry" >> Select "Use Safelist"
Then click the Run Scan button

The scan won't take long, post back the contents of Extras.txt minimized in the taskbar or on desktop

[faraz]

OTL Extras logfile created on: 1/18/2011 1:56:06 PM - Run 4
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\ALI\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 419.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 11.05 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 0.72 Gb Free Space | 2.89% Space Free | Partition Type: NTFS
Drive E: | 49.70 Gb Total Space | 1.47 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive F: | 49.34 Gb Total Space | 1.46 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 5.53 Gb Free Space | 1.86% Space Free | Partition Type: NTFS
 
Computer Name: MAGMA | User Name: ALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3666:TCP" = 3666:TCP:*:Enabled:pqhtmzbg
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BurstCopy_is1" = BurstCopy v2.700
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EWED 2000 A" = Microsoft Encarta World English Dictionary
"Foxit Reader" = Foxit Reader
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Nokia PC Suite" = Nokia PC Suite
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/9/2011 10:32:50 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
 skype.exe, version 5.0.0.152, fault address 0x00114828.
 
Error - 1/10/2011 12:41:26 PM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 1/10/2011 12:41:26 PM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 1/11/2011 8:21:46 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 1/11/2011 8:21:46 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 1/11/2011 11:57:57 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 1/11/2011 11:57:57 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 1/12/2011 2:48:44 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application myie.exe, version 0.7.1355.0, faulting module
 ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
 
Error - 1/12/2011 6:41:45 AM | Computer Name = MAGMA | Source = Application Error | ID = 1000
Description = Faulting application myie.exe, version 0.7.1355.0, faulting module
 mshtml.dll, version 6.0.2900.2180, fault address 0x001d39c9.
 
Error - 1/14/2011 7:08:38 AM | Computer Name = MAGMA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
[ System Events ]
Error - 1/16/2011 6:31:43 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/16/2011 8:27:46 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/16/2011 10:48:22 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly.  It
 has done this 1 time(s).  The following corrective action will be taken in 5000
 milliseconds: Restart the service.
 
Error - 1/16/2011 4:01:10 PM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/17/2011 5:00:40 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/17/2011 5:17:28 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/17/2011 5:18:59 AM | Computer Name = MAGMA | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
 the kernel-mode translation module.  This may indicate misconfiguration, insufficient
 resources, or  an internal error.  The data is the error code.
 
Error - 1/17/2011 8:29:50 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/18/2011 4:17:21 AM | Computer Name = MAGMA | Source = Service Control Manager | ID = 7023
Description = The Config Microsoft service terminated with the following error:
  %%126
 
Error - 1/18/2011 4:42:04 AM | Computer Name = MAGMA | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{A6D6BACD-B12C-4FEB-82A1-97FBB2521F1F}.  The
 backup browser is stopping.
 
 
< End of report >

[guestolo]

Let's try the following:
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
• If an update is found, it will download and install the latest version.    
• Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  
• The scan may take some time to finish,so please be patient.    
• When the scan is complete, click OK, then Show Results to view the results.    
  
• Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
• Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

[faraz]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5552

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/19/2011 1:54:40 PM
mbam-log-2011-01-19 (13-54-40).txt

Scan type: Quick scan
Objects scanned: 129254
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> Delete on reboot.


**********************************************************************************************************
i hav performed another quick scan after restart......but this time no malware detected......thanks

one thing is still there that at the start of this malwares action.............

come icons were changed to unknown file extension as shown in caption attached with the post ........[attachment=5262:p2.bmp]

[faraz]

the problem is still persisting ...................


again the same thing is happening i m attaching the caption of that blinking.......here[attachment=5263:untitled.PNG]


after this i got disconnected from internet....7 i hav to restart my pc

[guestolo]

I can't believe I forgot about this topic again, I'm very sorry, can you do the following please
Download ComboFix from the following location

[color="#0000FF"]Link 1[/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]
      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

[faraz]

i did every thing as per previous post .....

but  after 5-10 mins of scanning started  a message appeared on screen:

[size="4"][color="#FF0000"]"A rootkit virus has found & combofix needs to reboot the system"[/color][/size]


after restart before startup of window again scanning window of combofix appeared but after 50 mints system got hang............and no log of combofix is created in C drive

expect a thing like a caption was created   [attachment=5267:p3.bmp]

[guestolo]

Did you ensure that your AntiVirus software was disabled?
I also see Spybot's TeaTimer running, that could also interfere

Can you do the following, delete your copy of ComboFix from desktop
Then redownload a fresh copy to desktop from the following link, save Only to your desktop

[color="#0000FF"]Link[/color]

To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Reboot your computer, Back in Windows

Definitely ensure that Kaspersky is disabled before running ComboFix

Right click Kaspersky by the clock and select "Pause protection" follow the prompts
If possible, have it paused permanently so it doesn't run on startup

Run ComboFix again with previous instructions, if it does need to reboot the computer to complete it's fix
On startup allow up to only 15 minutes to produce a log

[faraz]

sory for delay

after  a lot of attempts i m able to complete the scanning process


**********************************************************************************************


ComboFix 11-02-06.01 - ALI 02/07/2011  11:21:38.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.894.613 [GMT 5:00]
Running from: c:\documents and settings\ALI\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ALI\Application Data\Local
c:\windows\SW_Win9423X24.DLL
K:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


(((((((((((((((((((((((((   Files Created from 2011-01-07 to 2011-02-07  )))))))))))))))))))))))))))))))
.

2011-02-06 12:18 . 2005-03-18 09:01   626688   ----a-w-   c:\windows\system32\NCTImageFile.dll
2011-02-03 18:45 . 2011-02-04 11:26   --------   d-----w-   c:\program files\Tiff To PDF Component
2011-02-03 09:25 . 2011-02-03 09:25   --------   d-----w-   c:\documents and settings\ALI\IGC
2011-02-03 09:25 . 2011-02-03 09:25   --------   d-----w-   c:\documents and settings\ALI\Application Data\IGC
2011-02-03 09:25 . 2003-05-28 08:19   245408   ------w-   c:\windows\system32\unicows.dll
2011-02-03 09:24 . 2011-02-03 09:24   --------   d-----w-   c:\program files\IGC
2011-02-03 09:10 . 2004-07-15 19:19   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-02-03 09:10 . 2004-07-15 19:18   172032   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-02-03 09:10 . 2004-07-15 19:20   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-02-03 09:10 . 2004-07-15 19:20   733184   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-02-03 09:10 . 2004-07-15 19:18   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-02-03 09:10 . 2011-02-03 09:10   180356   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-02-03 09:10 . 2011-02-03 09:10   303236   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-02-03 08:48 . 2011-02-03 08:48   --------   d-----w-   c:\documents and settings\ALI\Local Settings\Application Data\Mozilla
2011-02-03 08:48 . 2011-02-03 08:49   --------   d-----w-   c:\program files\Mozilla Sunbird
2011-02-01 07:05 . 2011-02-01 07:05   --------   d-----w-   c:\documents and settings\ALI\Local Settings\Application Data\ACDSee
2011-02-01 07:05 . 2011-02-01 07:07   --------   d-----w-   c:\documents and settings\ALI\Application Data\ACD Systems
2011-02-01 07:03 . 2011-02-04 11:11   --------   d-----w-   c:\program files\Common Files\ACD Systems
2011-02-01 07:02 . 2011-02-01 07:02   --------   d-----w-   c:\windows\Downloaded Installations
2011-01-29 22:27 . 2004-05-26 16:06   417792   ----a-w-   c:\windows\system32\ac3filter.ax
2011-01-29 22:27 . 2004-01-11 10:02   258048   ----a-w-   c:\windows\system32\gplmpgdec.ax
2011-01-28 18:19 . 2011-01-29 09:41   --------   d-----w-   c:\documents and settings\ALI\Application Data\DivX
2011-01-28 18:16 . 2011-01-28 18:16   --------   d-----w-   c:\program files\Common Files\DivX Shared
2011-01-24 14:40 . 2011-01-24 14:40   --------   d-----w-   c:\program files\RAR Password Cracker
2011-01-24 14:38 . 2011-01-24 14:38   --------   d-----w-   c:\program files\PDF Password Remover v2.2
2011-01-24 10:50 . 2011-01-24 10:50   --------   d-----w-   c:\documents and settings\ALI\Local Settings\Application Data\Identities
2011-01-22 16:30 . 2011-01-22 16:30   --------   d-----w-   c:\program files\MSN Messenger
2011-01-19 09:18 . 2011-01-19 09:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-01-19 09:17 . 2011-01-22 10:23   --------   d-----w-   c:\program files\Yahoo!
2011-01-19 09:14 . 2011-01-19 09:15   --------   dc-h--w-   c:\windows\ie8
2011-01-19 09:14 . 2011-01-20 07:44   --------   d--h--w-   c:\windows\msdownld.tmp
2011-01-19 08:46 . 2011-01-19 08:46   --------   d-----w-   c:\documents and settings\ALI\Application Data\Malwarebytes
2011-01-19 08:45 . 2010-12-20 13:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 08:45 . 2011-01-19 08:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 08:45 . 2010-12-20 13:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-19 08:45 . 2011-01-19 08:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-01-18 10:38 . 2011-01-30 12:16   --------   d-----w-   c:\program files\DivX
2011-01-16 10:22 . 2011-01-17 09:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2011-01-15 14:53 . 2011-01-15 14:53   --------   d--h--w-   c:\windows\$hf_mig$
2011-01-14 22:53 . 2011-01-15 07:20   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-01-14 22:53 . 2011-01-15 07:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-14 13:56 . 2011-01-14 13:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-14 12:09 . 2006-06-19 08:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2011-01-14 12:09 . 2006-05-25 10:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2011-01-14 12:09 . 2005-08-25 20:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2011-01-14 12:09 . 2002-03-05 20:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2011-01-14 12:09 . 2003-02-02 15:06   153088   ----a-w-   c:\windows\system32\unrar3.dll
2011-01-14 12:09 . 2011-01-14 12:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
2011-01-14 12:09 . 2011-01-14 12:09   --------   d-----w-   c:\documents and settings\ALI\Application Data\Simply Super Software
2011-01-14 11:05 . 2011-01-14 11:05   --------   d-----w-   c:\documents and settings\ALI\Local Settings\Application Data\Threat Expert
2011-01-14 10:59 . 2009-10-08 06:31   767952   ----a-w-   c:\windows\BDTSupport.dll.old
2011-01-14 10:58 . 2011-01-14 14:47   --------   d-----w-   c:\program files\Spyware Doctor
2011-01-14 10:58 . 2011-01-14 13:59   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-01-10 17:56 . 2011-01-10 17:56   --------   d-----w-   c:\program files\Siber Systems
2011-01-10 17:55 . 2011-01-15 22:32   --------   d-----w-   c:\program files\MYIE2
2011-01-09 16:09 . 2004-08-03 18:08   25600   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
2011-01-09 16:09 . 2004-08-03 18:08   25600   ----a-w-   c:\windows\system32\drivers\usbser.sys
2011-01-09 16:08 . 2008-11-07 13:55   16928   ------w-   c:\windows\system32\spmsgXP_2k3.dll
2011-01-08 12:52 . 2011-02-06 18:01   --------   d-----w-   c:\documents and settings\ALI\Application Data\skypePM
2011-01-08 12:48 . 2011-01-08 12:48   --------   d-----w-   c:\program files\Common Files\Skype
2011-01-08 12:48 . 2011-02-06 18:57   --------   d-----w-   c:\documents and settings\ALI\Application Data\Skype
2011-01-08 12:48 . 2011-01-17 09:38   --------   d-----r-   c:\program files\Skype
2011-01-08 10:28 . 2011-01-08 10:28   --------   d-----w-   c:\documents and settings\ALI\Contacts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 20:18 . 2010-12-25 20:18   315392   ----a-w-   c:\windows\HideWin.exe
.

------- Sigcheck -------

[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2010-11-12 11:06   2646528   ------w-   c:\program files\TheChatPhone Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 06:27   2735200   ----a-w-   c:\program files\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files\TheChatPhone Toolbar\tbcore3.dll" [2010-11-12 2646528]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-25 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ALI^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ALI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-10-05 11:18   230664   ----a-w-   c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15   63360   ----a-w-   c:\program files\DivX\DivX Plus Web Player\DDMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25   1230704   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-26 08:17   136176   ----atw-   c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:47   31016   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 20:06   1667584   ------w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 05:32   1479680   ----a-w-   c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 11:49   14940040   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 11:07   2260480   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-01 04:49   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:37   517096   ----a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3666:TCP"= 3666:TCP:pqhtmzbg

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2007 9:49 AM 136176]
S2 xeoeobt;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [9/1/2004 1:00 PM 14336]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2/21/2007 5:26 PM 151552]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
xeoeobt

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 23:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2007-01-01 04:49]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003Core.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1177238915-725345543-1003UA.job
- c:\documents and settings\ALI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 08:17]

2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{D5E359FE-18D3-4EDA-90CF-4EE7AB928AD4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.thechatphone.com
uSearchAssistant =
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
LSP: c:\windows\system32\idmmbc.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 11:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uavslubi]
"ServiceDll"="c:\windows\system32\wxjgwkd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,30,54,38,b7,c2,50,fb,0c,2d,86,33,90,5f,38,9c,4b,aa,0d,04,13,
   1b,a7,08,15,1b,18,b4,3e,3e,5f,28,a6,db,9d,3e,4b,a6,99,5a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{80d28757-c52c-4bc2-b1b9-28e250ffaaf3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,51,c4,5c,06,a5,56,2b,b8,06,52,ef,38,3c,45,e2,58,83,e0,8b,c5,07,bb,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1132)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3384)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-02-07  11:33:59 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-07 06:33

Pre-Run: 10,048,827,392 bytes free
Post-Run: 10,915,282,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 89917F627FEE09C7A9530E8CCF47FF19

[guestolo]

Can you run the following tools for me please
1.

• Download [color="#0000FF"]TDSSKiller[/color] and save it to your Desktop.
     
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
     
• If an infected file is detected, the default action will be Cure, click on Continue.
     
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
     
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
     
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
     
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2. download MBRCheck to your desktop.

• Double click MBRCheck.exe to run it
• It will open a black window, please do not fix anything (if it gives you an option).
• When it's done click Enter to Exit that window and it will produce a log (MBRCheck_date_time) on your desktop
• Please post that log when you reply.

3. Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the contents of the following codebox into the main textfield:
  
  Code: [Select]
  :filefind
tcpip.sys
termsrv.dll

  
• Click the Look button to start the scan. This scan can take a few minutes
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[faraz]

[color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"]TDSSKiller this link is not working for me ................i m not able to download it [/color][/font][/color]
[color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"]
[/color][/size][/font][/color]
[color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"]i have also tried to download it...................but a error message appears of some firewall settings or  broken DNS[/color][/size][/font][/color][/size][color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"][attachment=5273:error.JPG]
[/color][/font][/color][/size][color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"]i am receiving this error shown in the caption[/color][/font][/color][/size][color="#1C2837"][font="arial, verdana, tahoma, sans-serif"][size="2"][color="#0000FF"]
[/color][/font][/color][/size]

[faraz]

or some times explorer shows error or invalid address.................i have tried to download it with idm without idm and other locations on the net but im not able to download it

[guestolo]

It looks as if your having problems allowing the program to download thru Kaspersky
You will have to check your settings
or kaspersky's link was temporarily down

In the meantime, try downloading TDSKiller from here
http://support.kaspersky.com/faq/?qid=208283363

Don't stop at just one step, carry on with the others

[faraz]

2011/02/09 13:16:16.0468 3140   TDSS rootkit removing tool 2.4.16.0 Feb  1 2011 10:34:03
2011/02/09 13:16:16.0500 3140   ================================================================================
2011/02/09 13:16:16.0500 3140   SystemInfo:
2011/02/09 13:16:16.0500 3140   
2011/02/09 13:16:16.0500 3140   OS Version: 5.1.2600 ServicePack: 2.0
2011/02/09 13:16:16.0500 3140   Product type: Workstation
2011/02/09 13:16:16.0500 3140   ComputerName: MAGMA
2011/02/09 13:16:16.0500 3140   UserName: ALI
2011/02/09 13:16:16.0500 3140   Windows directory: C:\WINDOWS
2011/02/09 13:16:16.0500 3140   System windows directory: C:\WINDOWS
2011/02/09 13:16:16.0500 3140   Processor architecture: Intel x86
2011/02/09 13:16:16.0500 3140   Number of processors: 2
2011/02/09 13:16:16.0500 3140   Page size: 0x1000
2011/02/09 13:16:16.0500 3140   Boot type: Normal boot
2011/02/09 13:16:16.0500 3140   ================================================================================
2011/02/09 13:16:18.0046 3140   Initialize success
2011/02/09 13:16:26.0765 2808   ================================================================================
2011/02/09 13:16:26.0765 2808   Scan started
2011/02/09 13:16:26.0765 2808   Mode: Manual;
2011/02/09 13:16:26.0765 2808   ================================================================================
2011/02/09 13:16:28.0031 2808   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/09 13:16:28.0109 2808   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/09 13:16:28.0265 2808   aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/02/09 13:16:28.0359 2808   AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/02/09 13:16:28.0703 2808   AmdK8           (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/09 13:16:29.0046 2808   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/09 13:16:29.0140 2808   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/09 13:16:29.0328 2808   ati2mtag        (a1789368b4a31d2111af7aeda0c8d3fc) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/09 13:16:29.0453 2808   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/09 13:16:29.0531 2808   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/09 13:16:29.0625 2808   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/09 13:16:29.0718 2808   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/09 13:16:29.0875 2808   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/09 13:16:30.0171 2808   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/09 13:16:30.0265 2808   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/09 13:16:30.0656 2808   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/09 13:16:30.0765 2808   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/09 13:16:30.0875 2808   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/09 13:16:30.0968 2808   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/09 13:16:31.0031 2808   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/09 13:16:31.0171 2808   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/09 13:16:31.0265 2808   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/09 13:16:31.0343 2808   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/09 13:16:31.0437 2808   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/09 13:16:31.0515 2808   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/09 13:16:31.0593 2808   FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/09 13:16:31.0703 2808   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/09 13:16:31.0796 2808   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/09 13:16:31.0859 2808   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/09 13:16:31.0953 2808   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/09 13:16:32.0375 2808   HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/09 13:16:32.0578 2808   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/09 13:16:32.0671 2808   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/09 13:16:32.0906 2808   IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/09 13:16:33.0140 2808   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/09 13:16:33.0218 2808   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/09 13:16:33.0312 2808   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/09 13:16:33.0390 2808   IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/09 13:16:33.0468 2808   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/09 13:16:33.0562 2808   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/09 13:16:33.0640 2808   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/09 13:16:33.0750 2808   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/09 13:16:33.0812 2808   kl1             (ed7e0b85d891e06ab1a29725cad8e67a) C:\WINDOWS\system32\drivers\kl1.sys
2011/02/09 13:16:33.0906 2808   klif            (015539fe045c9ae146282b2779b23fd2) C:\WINDOWS\system32\drivers\klif.sys
2011/02/09 13:16:34.0000 2808   klim5           (517ac27b4b3c0df5ec5e5212ca1cbd8c) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/02/09 13:16:34.0093 2808   kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/09 13:16:34.0171 2808   KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/09 13:16:34.0375 2808   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/09 13:16:34.0453 2808   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/09 13:16:34.0562 2808   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/09 13:16:34.0640 2808   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/09 13:16:34.0796 2808   MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/09 13:16:34.0890 2808   MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/09 13:16:35.0000 2808   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/09 13:16:35.0093 2808   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/09 13:16:35.0187 2808   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/09 13:16:35.0265 2808   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/09 13:16:35.0343 2808   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/09 13:16:35.0421 2808   MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/02/09 13:16:35.0500 2808   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/09 13:16:35.0593 2808   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/09 13:16:35.0671 2808   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/09 13:16:35.0765 2808   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/09 13:16:35.0843 2808   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/09 13:16:35.0921 2808   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/09 13:16:36.0000 2808   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/09 13:16:36.0093 2808   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/09 13:16:36.0203 2808   nmwcd           (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/02/09 13:16:36.0296 2808   nmwcdc          (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/02/09 13:16:36.0375 2808   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/09 13:16:36.0453 2808   Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/09 13:16:36.0562 2808   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/09 13:16:36.0640 2808   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/09 13:16:36.0734 2808   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/09 13:16:36.0843 2808   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/09 13:16:36.0921 2808   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/09 13:16:37.0000 2808   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/09 13:16:37.0062 2808   pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/09 13:16:37.0156 2808   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/09 13:16:37.0296 2808   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/09 13:16:37.0375 2808   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/09 13:16:37.0859 2808   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/09 13:16:37.0953 2808   Processor       (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/09 13:16:38.0046 2808   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/09 13:16:38.0125 2808   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/09 13:16:38.0484 2808   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/09 13:16:38.0578 2808   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/09 13:16:38.0656 2808   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/09 13:16:38.0765 2808   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/09 13:16:38.0828 2808   Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/09 13:16:38.0921 2808   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/09 13:16:38.0984 2808   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/09 13:16:39.0109 2808   RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/09 13:16:39.0218 2808   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/09 13:16:39.0328 2808   RTL8023xp       (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/02/09 13:16:39.0421 2808   Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/09 13:16:39.0531 2808   serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/09 13:16:39.0609 2808   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/09 13:16:39.0703 2808   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/09 13:16:39.0906 2808   splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/09 13:16:40.0000 2808   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/09 13:16:40.0093 2808   Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/09 13:16:40.0187 2808   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/09 13:16:40.0265 2808   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/09 13:16:40.0593 2808   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/09 13:16:40.0718 2808   Tcpip           (7b11118b078b88f87183fe69eda43137) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/09 13:16:40.0828 2808   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/09 13:16:40.0921 2808   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/09 13:16:41.0000 2808   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/09 13:16:41.0109 2808   Suspicious service (NoAccess): uavslubi
2011/02/09 13:16:41.0171 2808   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/09 13:16:41.0312 2808   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/09 13:16:41.0406 2808   upperdev        (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/02/09 13:16:41.0484 2808   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/09 13:16:41.0578 2808   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/09 13:16:41.0656 2808   usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/09 13:16:41.0750 2808   usbser          (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/02/09 13:16:41.0828 2808   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/09 13:16:41.0906 2808   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/09 13:16:42.0062 2808   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/09 13:16:42.0171 2808   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/09 13:16:42.0265 2808   Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/09 13:16:42.0421 2808   wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/09 13:16:42.0546 2808   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/09 13:16:43.0359 2808   ================================================================================
2011/02/09 13:16:43.0359 2808   Scan finished
2011/02/09 13:16:43.0359 2808   ================================================================================

[faraz]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 2 (build 2600)
Logical Drives Mask:      0x000006fc

Kernel Drivers (total 110):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E2000 \WINDOWS\system32\hal.dll
  0xF79D0000 \WINDOWS\system32\KDCOM.DLL
  0xF78E0000 \WINDOWS\system32\BOOTVID.dll
  0xF73A1000 ACPI.sys
  0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7390000 pci.sys
  0xF74D0000 isapnp.sys
  0xF7A98000 pciide.sys
  0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF74E0000 MountMgr.sys
  0xF7371000 ftdisk.sys
  0xF79D4000 dmload.sys
  0xF734B000 dmio.sys
  0xF7758000 PartMgr.sys
  0xF74F0000 VolSnap.sys
  0xF7333000 atapi.sys
  0xF7500000 disk.sys
  0xF7510000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7314000 fltMgr.sys
  0xF7302000 sr.sys
  0xF72EB000 KSecDD.sys
  0xF725E000 Ntfs.sys
  0xF7231000 NDIS.sys
  0xF7216000 Mup.sys
  0xF71FA000 kl1.sys
  0xF7760000 \WINDOWS\system32\drivers\TDI.SYS
  0xF7630000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF6F9E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xF6F8A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF77F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF6F67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF77F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF6F42000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6F22000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
  0xF7800000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF7640000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF7988000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF6F0E000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF7650000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7808000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7810000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF79F2000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0xF7818000 \SystemRoot\system32\DRIVERS\klim5.sys
  0xF7B08000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7660000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7990000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6EF7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7670000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7680000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF6EE6000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF7690000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7820000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7828000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF6EB5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF76A0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF79F4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6E6A000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF6E36000 \SystemRoot\system32\DRIVERS\update.sys
  0xF79AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76B0000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF76E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF79F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xEE532000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xEE510000 \SystemRoot\system32\drivers\portcls.sys
  0xF76F0000 \SystemRoot\system32\drivers\drmk.sys
  0xF79FA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7BE5000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79FC000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7838000 \SystemRoot\System32\drivers\vga.sys
  0xF79FE000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7A00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7840000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7848000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7984000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xEE415000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xEE395000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xEE36D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xEE34C000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF6E91000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xEE32A000 \SystemRoot\System32\drivers\afd.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xEE2FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xEE267000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xEE228000 \??\C:\WINDOWS\system32\drivers\klif.sys
  0xF7560000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF7570000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7860000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xEE205000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xEE1ED000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7A02000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF7870000 \SystemRoot\System32\watchdog.sys
  0xEE504000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
  0xF7B1D000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF9D3000 \SystemRoot\System32\ati2dvag.dll
  0xBFA17000 \SystemRoot\System32\ati2cqag.dll
  0xBFA6C000 \SystemRoot\System32\atikvmag.dll
  0xBFAB8000 \SystemRoot\System32\ati3duag.dll
  0xBFD6B000 \SystemRoot\System32\ativvaxx.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xEBDC5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xEBA88000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF7A32000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xEB9E5000 \SystemRoot\system32\DRIVERS\srv.sys
  0xEB868000 \SystemRoot\system32\drivers\wdmaud.sys
  0xEBC25000 \SystemRoot\system32\drivers\sysaudio.sys
  0xEB4E0000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 30):
       0 System Idle Process
       4 System
     976 C:\WINDOWS\system32\smss.exe
    1044 csrss.exe
    1072 C:\WINDOWS\system32\winlogon.exe
    1116 C:\WINDOWS\system32\services.exe
    1128 C:\WINDOWS\system32\lsass.exe
    1296 C:\WINDOWS\system32\ati2evxx.exe
    1312 C:\WINDOWS\system32\svchost.exe
    1408 svchost.exe
    1592 C:\WINDOWS\system32\svchost.exe
    1692 C:\WINDOWS\system32\ati2evxx.exe
    1704 svchost.exe
    1888 svchost.exe
     212 C:\WINDOWS\system32\spoolsv.exe
     452 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
     768 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1652 C:\WINDOWS\explorer.exe
    1904 alg.exe
    2992 C:\WINDOWS\RTHDCPL.exe
    3000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
    3064 C:\Program Files\Internet Download Manager\IDMan.exe
    3076 C:\WINDOWS\system32\ctfmon.exe
    3096 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3348 C:\Program Files\Internet Download Manager\IEMonitor.exe
    3968 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3392 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3960 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2204 C:\Documents and Settings\ALI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2240 C:\Documents and Settings\ALI\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`4039fe00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`80737e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000018`ed4a2e00  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (FAT32)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000001`966e7800  (FAT32)
\\.\J: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000  (NTFS)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3160215AS, Rev: 3.AAD  
PhysicalDrive1 Model Number: WDCWD204BA, Rev: 16.13M16
PhysicalDrive3 Model Number: WD3200BEV External, Rev: 1.75
PhysicalDrive2 Model Number: SeagateFreeAgent Go, Rev: 0142

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
     19 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB  \\.\PhysicalDrive3   RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB  \\.\PhysicalDrive2   RE: Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!