
Virus Changes my theme


  • This topic is locked
10 replies to this topic

#1 NuclearApe

NuclearApe

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 20 April 2011 - 06:09 AM

Hi,

I recently got a virus after I downloaded something. It took effect after my laptop restarted under strange circumstances. When I put my laptop to sleep it instead restarted, and this continues to happen. As previously mentioned, a symptom is that the virus changes my theme, from the standard Vista to the Windows Classic. As well as this, whenever I do a shut down, I get the BSoD. It also deleted my restore points, and another problem is that my normal browser (Google Chrome) has stopped working: it opens but does not load a thing, while my other browsers do. Also my host processes have started to crash.
EDIT: A new symptom I have noticed is that I can't shut down anymore, and if I have to, I have to use the power button on my laptop. If I do a normal shut down, the laptop gets the BSoD and then restarts.

After all of this I ran a few scans with some antiviruses; they picked some things up and dealt with them, but the problems still remain.

In this post I enclose my DDS logs; however, my GMER logs went wrong multiple times. After I finish the scan, my laptop freezes, and when I try to save the log it will not. As well as this, after the scans no programs will open, and the only way to fix this is to restart my laptop.

Here is my DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mohammed at 15:44:38.50 on 19/04/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.932 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mohammed\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Google Update] "c:\users\mohammed\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Megakey] c:\users\mohammed\appdata\local\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\users\mohammed\appdata\local\megamedia\megakey\MegakeyUpdater.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\6z3qjm4n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mohammed\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\mohammed\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-4-19 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-4-19 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110415.001\BHDrvx86.sys [2011-4-15 802936]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-4-19 501888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-20 218688]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110419.001\IDSvix86.sys [2011-4-19 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-4-19 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2011-4-19 339504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-9 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-4-19 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-17 102448]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-24 494368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2007-12-21 231040]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-19 10:30:24 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2011-04-19 10:30:24 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2011-04-19 10:30:24 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2011-04-19 10:30:24 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2011-04-19 10:30:23 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2011-04-19 10:30:23 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2011-04-19 10:30:23 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2011-04-19 10:29:19 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2011-04-19 00:47:40 -------- d-----w- c:\users\mohammed\appdata\local\CrashDumps
2011-04-18 19:58:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-18 19:58:28 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-18 19:58:20 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-18 19:57:32 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-18 19:57:28 -------- d-----w- c:\program files\Norton 360
2011-04-18 19:57:26 -------- d-----w- c:\progra~2\Norton
2011-04-18 19:56:24 -------- d-----w- c:\program files\NortonInstaller
2011-04-18 19:42:03 -------- d-----w- c:\progra~2\NortonInstaller
2011-04-18 18:26:43 -------- d-----w- c:\users\mohammed\appdata\roaming\Malwarebytes
2011-04-18 18:26:33 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 18:26:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 14:52:38 -------- d-----w- c:\users\mohammed\appdata\roaming\AVG10
2011-04-18 14:50:06 -------- d--h--w- c:\progra~2\Common Files
2011-04-18 14:47:21 -------- d-----w- c:\progra~2\AVG10
2011-04-18 14:45:54 -------- d-----w- c:\program files\AVG
2011-04-18 14:38:22 -------- d-----w- c:\progra~2\MFAData
2011-04-18 14:25:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-18 13:40:09 364024 ----a-w- c:\users\mohammed\paonh.exe
2011-04-18 13:39:46 0 ----a-w- c:\users\mohammed\qeucas.exe
2011-04-18 13:38:54 364024 ----a-w- c:\users\mohammed\xaoyus.exe
2011-04-17 19:51:46 -------- d-----w- c:\users\mohammed\David Guetta
2011-04-17 19:51:34 -------- d-----w- c:\users\mohammed\Kings of Leon
2011-04-16 12:13:31 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{353e320b-0cfc-46de-8b71-0d4f18971e6a}\mpengine.dll
2011-04-14 08:15:57 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 08:15:54 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 08:15:54 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 08:15:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 08:15:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-12 10:56:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-12 10:56:08 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-12 10:56:08 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-12 10:56:08 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-12 10:56:08 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-12 10:56:08 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-12 10:56:08 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-12 10:56:08 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-09 20:35:37 -------- d-----w- c:\program files\Xenocode
2011-04-09 20:35:36 -------- d-----w- c:\windows\XSxS
2011-04-07 17:03:50 -------- d-----w- c:\program files\Sony
2011-04-02 13:07:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-04-02 13:07:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-04-02 13:07:42 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-04-02 13:07:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-04-02 13:07:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-04-02 13:07:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-04-02 13:07:40 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-04-02 13:07:40 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-04-02 13:07:32 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-02 13:07:32 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-02 13:07:31 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-02 13:07:30 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-04-02 13:05:51 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-02 13:01:19 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-02 13:01:09 -------- d-----w- c:\windows\system32\directx
2011-03-30 15:51:56 -------- d-----w- c:\program files\SMPlayer
2011-03-27 19:56:42 -------- d-----w- c:\program files\Solveig Multimedia
2011-03-27 19:56:42 -------- d-----w- c:\program files\common files\Solveig Multimedia
2011-03-27 15:26:34 -------- d-----w- c:\users\mohammed\dwhelper
2011-03-27 08:18:33 -------- d-----w- c:\users\mohammed\appdata\roaming\mkvtoolnix
2011-03-27 08:18:07 -------- d-----w- c:\program files\MKVtoolnix
2011-03-26 19:50:07 719872 ----a-w- c:\windows\system32\devil.dll
2011-03-26 19:50:07 369152 ----a-w- c:\windows\system32\avisynth.dll
2011-03-26 19:50:06 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-26 19:50:06 70656 ----a-w- c:\windows\system32\i420vfw.dll
2011-03-26 19:50:06 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2011-03-26 19:50:05 -------- d-----w- c:\program files\AviSynth 2.5
2011-03-26 19:48:13 714526 ----a-w- c:\windows\unins000.exe
2011-03-26 19:48:13 122368 ----a-w- c:\windows\system32\lagarith.dll
2011-03-26 19:39:27 -------- d-----w- c:\program files\eRightSoft
2011-03-26 17:37:49 -------- d-----w- c:\users\mohammed\appdata\local\Sony
2011-03-23 15:34:06 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 15:34:06 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:34:06 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-21 17:09:13 -------- d-----w- c:\progra~2\SpeedBit
2011-03-21 17:09:06 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-03-21 17:09:03 -------- d-----w- c:\program files\DAP
2011-03-20 22:06:01 -------- d-----w- C:\Update
2011-03-20 18:24:12 -------- d-----w- c:\users\mohammed\fontconfig
2011-03-20 18:22:18 -------- d-----w- c:\users\mohammed\.smplayer
.
==================== Find3M ====================
.
2011-04-18 17:46:55 141009 ----a-w- c:\windows\DUMPf20b.tmp
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 13:28:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 15:50:06.32 ===============

Edited by NuclearApe, 21 April 2011 - 05:31 AM.
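As an added example (not code from this thread, the DDS tool, or BleepingComputer), here is a small Python triage script for the DDS log format shown above: it splits the log into its banner sections and applies a few defensive review heuristics to the "Created Last 30" and "Pseudo HJT Report" entries. The embedded excerpt is constructed from lines of the log posted above, and the heuristics (executables dropped directly in a user profile root, zero-byte executables, orphaned "No File" entries, empty Run values, autostarts from AppData, add-ons registered via mscoree.dll) are my own assumptions: a flag means "a human should look at this", not "this is malware".

```python
"""Triage helper for DDS logs (example code, not part of the thread or of DDS)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt assembled from lines of the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [Megakey] c:\users\mohammed\appdata\local\megamedia\megakey\Megakey.exe /Tray
mRun: [<NO NAME>]
.
=============== Created Last 30 ================
.
2011-04-18 14:25:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-18 13:40:09 364024 ----a-w- c:\users\mohammed\paonh.exe
2011-04-18 13:39:46 0 ----a-w- c:\users\mohammed\qeucas.exe
2011-04-18 13:38:54 364024 ----a-w- c:\users\mohammed\xaoyus.exe
2011-04-17 19:51:46 -------- d-----w- c:\users\mohammed\David Guetta
2011-04-14 08:15:57 2041856 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "=== Name ===" banners
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+$", re.IGNORECASE)
RUN_RE = re.compile(r"^(u|m)Run: \[([^\]]*)\]\s*(.*)$")  # uRun = HKCU, mRun = HKLM

Finding = Tuple[str, List[str]]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under their banner name; blank and '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_created(lines: List[str]) -> List[dict]:
    """Parse 'timestamp size attrs path' rows; directories carry '--------' as size."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({"time": ts, "size": None if size == "--------" else int(size),
                        "is_dir": attrs.startswith("d"), "path": path})
    return entries


def flag_created(entries: List[dict]) -> List[Finding]:
    """Heuristics (assumed): executables in a profile root, or with zero size."""
    findings: List[Finding] = []
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(EXEC_EXT):
            continue
        parent, _, _name = e["path"].rpartition("\\")
        reasons = []
        if PROFILE_ROOT_RE.match(parent):
            reasons.append("executable created directly in a user profile root")
        if e["size"] == 0:
            reasons.append("zero-byte executable")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def flag_hjt(lines: List[str]) -> List[Finding]:
    """Heuristics (assumed) for the Pseudo HJT section: orphans, empty or AppData autostarts."""
    findings: List[Finding] = []
    for line in lines:
        if line.endswith(" - No File"):
            findings.append((line, ["orphaned registration: target file is gone"]))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, _name, cmd = m.groups()
            reasons = []
            if not cmd.strip():
                reasons.append("Run value with no command")
            if "\\appdata\\local\\" in cmd.lower():
                reasons.append("autostart from a user-writable AppData path")
            if reasons:
                findings.append((line, reasons))
            continue
        if line.startswith(("BHO:", "TB:")) and line.lower().endswith(" - mscoree.dll"):
            findings.append((line, ["browser add-on registered via mscoree.dll (.NET loader), not a full path"]))
    return findings


def triage(text: str) -> Dict[str, List[Finding]]:
    """Run both heuristic passes over a DDS log and return findings per section."""
    sections = split_sections(text)
    return {"created": flag_created(parse_created(sections.get("Created Last 30", []))),
            "hjt": flag_hjt(sections.get("Pseudo HJT Report", []))}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(f"[{section}]")
        for item, reasons in findings:
            print(f"  {item}\n    -> {'; '.join(reasons)}")
```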


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:20 AM

Posted 30 April 2011 - 02:48 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 NuclearApe

NuclearApe
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 30 April 2011 - 03:12 PM

Hi, and thank you for the reply.

I did my DDS log successfully, but my GMER scan didn't work. I've tried it many times but to no avail: it tends to freeze, and then when it returns nothing works, and the only way to make my laptop respond is by restarting it again.

Once again, thanks!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mohammed at 20:57:56.74 on 30/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.832 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Users\Mohammed\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [AdobeBridge]
uRun: [Megakey] c:\users\mohammed\appdata\local\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\users\mohammed\appdata\local\megamedia\megakey\MegakeyUpdater.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\6z3qjm4n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mohammed\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-4-19 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-4-19 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-20 802936]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-4-19 501888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-20 218688]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110429.002\IDSvix86.sys [2011-4-30 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-4-19 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2011-4-19 339504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-9 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-4-19 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-30 102448]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-24 494368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2007-12-21 231040]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-30 15:33:34 -------- d-----w- c:\program files\iPod
2011-04-30 15:33:31 -------- d-----w- c:\program files\iTunes
2011-04-30 15:23:34 -------- d-----w- c:\program files\Bonjour
2011-04-19 20:07:46 -------- d-----w- c:\users\mohammed\appdata\roaming\Tific
2011-04-19 10:30:24 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2011-04-19 10:30:24 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2011-04-19 10:30:24 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2011-04-19 10:30:24 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2011-04-19 10:30:23 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2011-04-19 10:30:23 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2011-04-19 10:30:23 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2011-04-19 10:29:19 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2011-04-19 00:47:40 -------- d-----w- c:\users\mohammed\appdata\local\CrashDumps
2011-04-18 19:58:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-18 19:58:28 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-18 19:58:20 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-18 19:57:32 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-18 19:57:28 -------- d-----w- c:\program files\Norton 360
2011-04-18 19:57:26 -------- d-----w- c:\progra~2\Norton
2011-04-18 19:56:24 -------- d-----w- c:\program files\NortonInstaller
2011-04-18 19:42:03 -------- d-----w- c:\progra~2\NortonInstaller
2011-04-18 18:26:43 -------- d-----w- c:\users\mohammed\appdata\roaming\Malwarebytes
2011-04-18 18:26:33 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 18:26:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 14:52:38 -------- d-----w- c:\users\mohammed\appdata\roaming\AVG10
2011-04-18 14:50:06 -------- d--h--w- c:\progra~2\Common Files
2011-04-18 14:47:21 -------- d-----w- c:\progra~2\AVG10
2011-04-18 14:45:54 -------- d-----w- c:\program files\AVG
2011-04-18 14:38:22 -------- d-----w- c:\progra~2\MFAData
2011-04-18 14:25:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-18 13:39:46 0 ----a-w- c:\users\mohammed\qeucas.exe
2011-04-17 19:51:46 -------- d-----w- c:\users\mohammed\David Guetta
2011-04-17 19:51:34 -------- d-----w- c:\users\mohammed\Kings of Leon
2011-04-16 12:13:31 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{353e320b-0cfc-46de-8b71-0d4f18971e6a}\mpengine.dll
2011-04-14 08:16:40 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 08:16:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 08:16:35 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 08:16:34 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 08:16:31 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 08:16:30 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 08:16:30 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 08:16:30 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 08:16:04 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 08:16:04 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 08:16:04 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 08:16:00 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 08:15:57 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 08:15:54 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 08:15:54 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 08:15:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-12 10:56:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-12 10:56:08 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-12 10:56:08 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-12 10:56:08 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-12 10:56:08 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-12 10:56:08 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-12 10:56:08 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-12 10:56:08 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-09 20:35:37 -------- d-----w- c:\program files\Xenocode
2011-04-09 20:35:36 -------- d-----w- c:\windows\XSxS
2011-04-07 17:03:50 -------- d-----w- c:\program files\Sony
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 13:07:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-04-02 13:07:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-04-02 13:07:42 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-04-02 13:07:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-04-02 13:07:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-04-02 13:07:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-04-02 13:07:40 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-04-02 13:07:40 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-04-02 13:07:32 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-02 13:07:32 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-02 13:07:31 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-02 13:07:30 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-04-02 13:05:51 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-02 13:01:19 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-02 13:01:09 -------- d-----w- c:\windows\system32\directx
.
==================== Find3M ====================
.
2011-04-30 12:13:12 140961 ----a-w- c:\windows\DUMP57a0.tmp
2011-04-24 09:53:15 140961 ----a-w- c:\windows\DUMP4a0a.tmp
2011-04-20 09:32:47 140961 ----a-w- c:\windows\DUMP7b37.tmp
2011-04-18 17:46:55 141009 ----a-w- c:\windows\DUMPf20b.tmp
2011-03-21 17:09:06 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:02:39.52 ===============

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Media Player
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Bonjour
D3DX10
DAEMON Tools Lite
DivX Setup
Download Accelerator Plus (DAP)
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Stylus SX400 Series Printer Uninstall
Express Burn
FormatFactory 2.60
Free Easy Burner V 4.1
Google Update Helper
Hit'n'Mix Play
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ SE Runtime Environment 6 Update 1
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKVtoolnix 4.6.0
Mobile Mouse Server
Motorola SM56 Speakerphone Modem
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nokia Connectivity Cable Driver
Norton 360
Norton Security Scan
OGA Notifier 2.0.0048.0
P2PFilter 3.0.5
Power2Go 5.0
PunkBuster Services
QuickStores-Toolbar 1.0.0
QuickTime
Ralink Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody Player Engine
RPS CRT
RTC Client API v1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SMPlayer 0.6.9
SopCast 3.3.2
Spotify
Sun Java ™ Wireless Toolkit 2.5.2_01 for CLDC
System Requirements Lab
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update Manager
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip Self-Extractor
Yahoo! BrowserPlus 2.9.8
.
==== End Of File ===========================

#4 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 07 May 2011 - 01:53 PM

Hi NuclearApe,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your Malware problems today.


Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step 2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Standard Registry box change it to All
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:



    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    C:\program files\common files\data\* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. TDSSKiller log
2. OTListIt.txt and Extra.txt

Thanks

#5 NuclearApe
  • Topic Starter
  • Members
  • 5 posts

Posted 07 May 2011 - 02:56 PM

Thank you for helping me!

Both scans went fine; here are the logs:

2011/05/07 20:13:11.0029 4592 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 20:13:13.0032 4592 ================================================================================
2011/05/07 20:13:13.0032 4592 SystemInfo:
2011/05/07 20:13:13.0032 4592
2011/05/07 20:13:13.0032 4592 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/07 20:13:13.0032 4592 Product type: Workstation
2011/05/07 20:13:13.0033 4592 ComputerName: MOHAMMED-PC
2011/05/07 20:13:13.0033 4592 UserName: Mohammed
2011/05/07 20:13:13.0033 4592 Windows directory: C:\Windows
2011/05/07 20:13:13.0033 4592 System windows directory: C:\Windows
2011/05/07 20:13:13.0033 4592 Processor architecture: Intel x86
2011/05/07 20:13:13.0033 4592 Number of processors: 1
2011/05/07 20:13:13.0033 4592 Page size: 0x1000
2011/05/07 20:13:13.0033 4592 Boot type: Normal boot
2011/05/07 20:13:13.0033 4592 ================================================================================
2011/05/07 20:13:16.0910 4592 Initialize success
2011/05/07 20:13:21.0175 4556 ================================================================================
2011/05/07 20:13:21.0175 4556 Scan started
2011/05/07 20:13:21.0175 4556 Mode: Manual;
2011/05/07 20:13:21.0175 4556 ================================================================================
2011/05/07 20:13:34.0467 4556 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/07 20:13:34.0555 4556 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/07 20:13:34.0885 4556 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/07 20:13:34.0987 4556 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/07 20:13:35.0323 4556 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/07 20:13:35.0434 4556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/05/07 20:13:35.0785 4556 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/07 20:13:35.0898 4556 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/07 20:13:35.0960 4556 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/07 20:13:35.0995 4556 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/07 20:13:36.0133 4556 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/07 20:13:36.0467 4556 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/07 20:13:36.0694 4556 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/07 20:13:36.0810 4556 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/07 20:13:36.0995 4556 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/07 20:13:37.0533 4556 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/07 20:13:37.0899 4556 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/07 20:13:38.0314 4556 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSvix86.sys
2011/05/07 20:13:38.0940 4556 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/07 20:13:39.0068 4556 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/07 20:13:39.0461 4556 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/07 20:13:39.0831 4556 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/07 20:13:39.0994 4556 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/07 20:13:40.0124 4556 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/07 20:13:40.0328 4556 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/07 20:13:40.0829 4556 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/07 20:13:41.0101 4556 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/07 20:13:41.0164 4556 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/07 20:13:41.0266 4556 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/07 20:13:41.0327 4556 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/07 20:13:41.0647 4556 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/07 20:13:41.0737 4556 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
2011/05/07 20:13:41.0818 4556 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/07 20:13:42.0040 4556 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/07 20:13:42.0213 4556 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/07 20:13:42.0465 4556 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/07 20:13:42.0884 4556 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/07 20:13:42.0920 4556 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/07 20:13:43.0010 4556 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/07 20:13:43.0112 4556 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/07 20:13:43.0726 4556 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/07 20:13:43.0963 4556 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/07 20:13:44.0154 4556 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/07 20:13:44.0343 4556 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/07 20:13:44.0838 4556 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/07 20:13:45.0138 4556 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/07 20:13:45.0473 4556 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/07 20:13:45.0635 4556 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/07 20:13:45.0737 4556 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/07 20:13:45.0840 4556 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/07 20:13:45.0949 4556 MRV6X32U (b50b607b3a5cf4b069c6c4ab81c8b9de) C:\Windows\system32\DRIVERS\MRVW23B.sys
2011/05/07 20:13:46.0146 4556 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/07 20:13:46.0228 4556 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/07 20:13:46.0332 4556 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/07 20:13:46.0418 4556 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/07 20:13:46.0601 4556 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/07 20:13:46.0681 4556 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/07 20:13:46.0801 4556 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/07 20:13:46.0886 4556 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/07 20:13:47.0081 4556 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/07 20:13:47.0225 4556 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/07 20:13:47.0316 4556 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/07 20:13:47.0371 4556 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/07 20:13:47.0416 4556 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/07 20:13:47.0475 4556 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/07 20:13:47.0547 4556 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/07 20:13:47.0748 4556 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/07 20:13:48.0010 4556 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110507.002\NAVENG.SYS
2011/05/07 20:13:48.0140 4556 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110507.002\NAVEX15.SYS
2011/05/07 20:13:48.0419 4556 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/07 20:13:48.0593 4556 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/07 20:13:48.0694 4556 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/07 20:13:48.0784 4556 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/07 20:13:48.0944 4556 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/07 20:13:49.0073 4556 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/07 20:13:49.0249 4556 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/07 20:13:49.0682 4556 netr73 (7df0c8cb171e8d6e3f36421055ff5639) C:\Windows\system32\DRIVERS\netr73.sys
2011/05/07 20:13:50.0058 4556 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/07 20:13:50.0475 4556 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/07 20:13:50.0589 4556 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/05/07 20:13:50.0738 4556 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/05/07 20:13:50.0963 4556 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/05/07 20:13:51.0140 4556 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcj.sys
2011/05/07 20:13:51.0366 4556 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/07 20:13:51.0580 4556 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/07 20:13:51.0917 4556 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/07 20:13:52.0200 4556 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/07 20:13:52.0339 4556 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/07 20:13:52.0399 4556 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/07 20:13:52.0444 4556 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/07 20:13:52.0716 4556 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/07 20:13:52.0903 4556 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/07 20:13:53.0196 4556 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/07 20:13:53.0402 4556 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/07 20:13:53.0631 4556 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/07 20:13:53.0918 4556 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/07 20:13:54.0052 4556 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/07 20:13:54.0252 4556 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/07 20:13:54.0504 4556 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/07 20:13:54.0991 4556 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/07 20:13:55.0252 4556 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/07 20:13:55.0513 4556 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/07 20:13:55.0782 4556 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/07 20:13:55.0974 4556 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/07 20:13:56.0123 4556 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/07 20:13:56.0592 4556 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/07 20:13:56.0865 4556 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/07 20:13:57.0075 4556 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 20:13:57.0196 4556 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/07 20:13:57.0337 4556 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/07 20:13:57.0562 4556 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 20:13:57.0655 4556 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 20:13:57.0865 4556 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 20:13:57.0979 4556 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 20:13:58.0066 4556 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 20:13:58.0258 4556 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/05/07 20:13:58.0499 4556 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 20:13:58.0801 4556 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/07 20:13:59.0230 4556 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/07 20:13:59.0413 4556 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
2011/05/07 20:13:59.0541 4556 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
2011/05/07 20:13:59.0797 4556 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
2011/05/07 20:14:00.0022 4556 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
2011/05/07 20:14:00.0341 4556 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/07 20:14:00.0628 4556 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/07 20:14:00.0807 4556 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/07 20:14:00.0873 4556 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/07 20:14:01.0056 4556 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 20:14:01.0471 4556 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 20:14:01.0611 4556 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 20:14:01.0718 4556 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/07 20:14:01.0826 4556 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/07 20:14:02.0034 4556 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/07 20:14:02.0338 4556 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/07 20:14:02.0569 4556 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 20:14:02.0883 4556 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/07 20:14:03.0074 4556 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/07 20:14:03.0504 4556 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/05/07 20:14:04.0048 4556 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/05/07 20:14:04.0464 4556 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
2011/05/07 20:14:05.0030 4556 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 20:14:05.0075 4556 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 20:14:05.0630 4556 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 20:14:05.0754 4556 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 20:14:05.0818 4556 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/07 20:14:06.0089 4556 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
2011/05/07 20:14:06.0695 4556 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
2011/05/07 20:14:07.0044 4556 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/07 20:14:08.0093 4556 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
2011/05/07 20:14:09.0163 4556 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
2011/05/07 20:14:10.0140 4556 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/07 20:14:10.0759 4556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/07 20:14:11.0087 4556 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 20:14:11.0364 4556 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 20:14:11.0682 4556 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 20:14:11.0843 4556 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 20:14:11.0980 4556 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 20:14:12.0119 4556 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 20:14:12.0234 4556 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 20:14:12.0733 4556 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 20:14:12.0797 4556 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/07 20:14:12.0864 4556 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 20:14:13.0034 4556 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/07 20:14:13.0420 4556 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 20:14:13.0694 4556 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/07 20:14:13.0828 4556 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/07 20:14:13.0918 4556 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/07 20:14:13.0978 4556 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/07 20:14:14.0071 4556 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 20:14:14.0405 4556 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/07 20:14:14.0805 4556 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 20:14:15.0026 4556 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/07 20:14:19.0666 4556 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 20:14:19.0787 4556 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 20:14:20.0001 4556 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/07 20:14:20.0204 4556 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/07 20:14:20.0334 4556 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/07 20:14:20.0484 4556 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 20:14:20.0624 4556 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 20:14:20.0990 4556 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 20:14:21.0086 4556 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/07 20:14:21.0233 4556 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/07 20:14:21.0301 4556 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/07 20:14:21.0623 4556 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/07 20:14:21.0693 4556 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/07 20:14:21.0843 4556 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 20:14:22.0095 4556 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/07 20:14:22.0214 4556 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/07 20:14:22.0393 4556 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/07 20:14:22.0818 4556 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 20:14:22.0931 4556 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 20:14:23.0027 4556 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/05/07 20:14:23.0465 4556 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/07 20:14:23.0612 4556 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 20:14:24.0069 4556 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/07 20:14:24.0250 4556 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/07 20:14:24.0429 4556 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 20:14:24.0947 4556 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 20:14:25.0153 4556 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/07 20:14:25.0160 4556 ================================================================================
2011/05/07 20:14:25.0160 4556 Scan finished
2011/05/07 20:14:25.0160 4556 ================================================================================
2011/05/07 20:14:25.0182 4604 Detected object count: 1
2011/05/07 20:14:50.0280 4604 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/07 20:14:50.0280 4604 \HardDisk0 - ok
2011/05/07 20:14:50.0282 4604 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/07 20:14:57.0228 5252 Deinitialize success


OTL logfile created on: 07/05/2011 20:26:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mohammed\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): c:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.16 Gb Total Space | 15.38 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Computer Name: MOHAMMED-PC | User Name: Mohammed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 20:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mohammed\Desktop\OTL.exe
PRC - [2011/04/29 20:06:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/21 18:09:06 | 002,844,848 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/01/29 14:28:19 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010/10/25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/10/26 15:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/12/05 11:52:03 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 20:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mohammed\Desktop\OTL.exe
MOD - [2010/09/20 20:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/27 08:39:56 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/07/27 08:39:56 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/03/20 14:37:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 10:13:24 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110507.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/20 10:13:24 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/20 10:13:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110507.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/18 20:58:17 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 21:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 02:34:54 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/20 15:29:04 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/05/27 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/24 08:13:40 | 000,494,368 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/12/06 12:44:40 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/10/15 04:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/06/12 00:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/10/29 09:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2006/12/22 08:13:06 | 000,231,040 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/05/29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-656780939-1293708457-850800029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/07/01 11:23:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/29 14:30:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/06 20:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/06 20:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/03/12 20:21:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/04/19 11:29:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/04/18 20:59:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 20:06:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:08:27 | 000,000,000 | ---D | M]

[2011/01/27 17:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Extensions
[2009/02/06 01:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/05 15:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\6z3qjm4n.default\extensions
[2011/01/27 17:42:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\6z3qjm4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/18 15:33:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\6z3qjm4n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/12 11:57:27 | 000,001,583 | ---- | M] () -- C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\6z3qjm4n.default\searchplugins\web-search.xml
[2011/04/12 11:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/08 01:34:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/04 18:18:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/21 18:09:08 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/04/19 11:29:15 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/01/29 14:30:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\MOHAMMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Z3QJM4N.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
() (No name found) -- C:\USERS\MOHAMMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Z3QJM4N.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/04/29 20:06:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [Megakey] File not found
O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [MegakeyUpdater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-656780939-1293708457-850800029-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{6152600e-5e20-11dc-ae8d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6152600e-5e20-11dc-ae8d-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\autoplay\Command - "" = D:\yrpww.pif
O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\AutoRun\command - "" = D:\yrpww.pif
O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\eXPloRe\CommAnd - "" = D:\yrpww.pif
O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\OPen\comMaNd - "" = D:\yrpww.pif
O33 - MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\Shell\AutoRun\command - "" = G:\ji83j.exe
O33 - MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\Shell\open\Command - "" = ji83j.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 20:24:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mohammed\Desktop\OTL.exe
[2011/05/07 20:10:35 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mohammed\Desktop\TDSSKiller.exe
[2011/04/30 16:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/30 16:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/30 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/30 16:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/30 16:22:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/19 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\AppData\Roaming\Tific
[2011/04/19 11:30:24 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys
[2011/04/19 11:30:24 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys
[2011/04/19 11:30:24 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys
[2011/04/19 11:30:24 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys
[2011/04/19 11:30:23 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys
[2011/04/19 11:30:23 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys
[2011/04/19 11:30:23 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys
[2011/04/19 11:29:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005
[2011/04/19 01:47:40 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\AppData\Local\CrashDumps
[2011/04/18 21:00:04 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\Documents\Symantec
[2011/04/18 20:58:20 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/18 20:57:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/04/18 20:57:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/04/18 20:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/04/18 20:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/18 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/18 20:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/18 19:26:43 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\AppData\Roaming\Malwarebytes
[2011/04/18 19:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 19:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\AppData\Roaming\AVG10
[2011/04/18 15:50:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/18 15:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/18 15:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/18 15:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/17 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\David Guetta
[2011/04/17 20:51:34 | 000,000,000 | ---D | C] -- C:\Users\Mohammed\Kings of Leon
[2011/04/09 21:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011/04/09 21:35:36 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 20:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mohammed\Desktop\OTL.exe
[2011/05/07 20:18:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 20:18:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 20:18:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 20:17:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 20:09:41 | 001,280,815 | ---- | M] () -- C:\Users\Mohammed\Desktop\tdsskiller.zip
[2011/05/07 20:08:53 | 000,065,160 | ---- | M] () -- C:\Users\Mohammed\Desktop\MMNS.veg
[2011/05/07 19:35:23 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 21:16:39 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-656780939-1293708457-850800029-1000.job
[2011/05/06 19:59:09 | 002,394,008 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2011/05/04 19:45:29 | 000,300,544 | ---- | M] () -- C:\Users\Mohammed\Desktop\Video_Story_Board.pub
[2011/05/04 19:11:55 | 000,002,555 | ---- | M] () -- C:\Users\Mohammed\Desktop\Microsoft Office Publisher 2007.lnk
[2011/05/02 13:18:20 | 000,620,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 13:18:20 | 000,113,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mohammed\Desktop\TDSSKiller.exe
[2011/04/30 16:34:51 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 16:13:15 | 000,075,528 | ---- | M] () -- C:\Users\Mohammed\Desktop\MMNS.veg.bak
[2011/04/30 10:27:05 | 000,311,360 | ---- | M] () -- C:\Users\Mohammed\Desktop\Magnetic Man - Getting Nowhere ft. John Legend.mp3.sfk
[2011/04/30 09:56:29 | 003,614,125 | ---- | M] () -- C:\Users\Mohammed\Desktop\Magnetic Man - Getting Nowhere ft. John Legend.mp3
[2011/04/30 09:32:47 | 000,000,258 | ---- | M] () -- C:\Users\Mohammed\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/22 22:09:48 | 000,004,830 | ---- | M] () -- C:\Users\Mohammed\Desktop\Afro.gif
[2011/04/20 10:19:16 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/20 10:19:16 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/20 10:18:46 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/19 21:20:58 | 000,126,976 | ---- | M] () -- C:\Users\Mohammed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 15:52:18 | 000,293,019 | ---- | M] () -- C:\Users\Mohammed\Desktop\gmer.zip
[2011/04/19 15:41:20 | 000,625,664 | ---- | M] () -- C:\Users\Mohammed\Desktop\dds.scr
[2011/04/19 15:16:10 | 000,000,176 | ---- | M] () -- C:\Users\Mohammed\defogger_reenable
[2011/04/19 15:14:25 | 000,050,477 | ---- | M] () -- C:\Users\Mohammed\Desktop\Defogger.exe
[2011/04/19 11:52:47 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/18 20:58:17 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/18 20:58:17 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/18 20:58:17 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/18 20:48:38 | 000,003,046 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/04/18 15:25:18 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011/04/18 14:39:46 | 000,000,000 | ---- | M] () -- C:\Users\Mohammed\qeucas.exe
[2011/04/17 11:38:28 | 000,018,480 | ---- | M] () -- C:\Users\Mohammed\Documents\[HorribleSubs] One Piece - 494 [360p].mkv.torrent
[2011/04/16 11:14:46 | 003,786,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 20:08:22 | 000,057,125 | ---- | M] () -- C:\Users\Mohammed\Documents\Four_Lions_2010_DVDRip_XviD-PRESTiGE.6233489.TPB.torrent
[2011/04/13 22:04:18 | 000,000,680 | ---- | M] () -- C:\Users\Mohammed\AppData\Local\d3d9caps.dat
[2011/04/12 11:56:16 | 000,000,875 | ---- | M] () -- C:\Users\Mohammed\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 11:56:16 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/11 10:26:21 | 000,000,186 | ---- | M] () -- C:\Users\Mohammed\Desktop\SAMSUNG (F) - Shortcut.lnk
[2011/04/10 15:58:51 | 000,132,323 | ---- | M] () -- C:\Users\Mohammed\Desktop\Bubbles.png
[2011/04/09 14:55:13 | 106,017,697 | ---- | M] () -- C:\Users\Mohammed\Desktop\Sony Vegas Pro 10.0a Build 387 Portable.exe
[2011/04/08 17:59:02 | 000,001,806 | -H-- | M] () -- C:\Users\Mohammed\Documents\Default.rdp
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 20:09:37 | 001,280,815 | ---- | C] () -- C:\Users\Mohammed\Desktop\tdsskiller.zip
[2011/05/04 19:11:34 | 000,300,544 | ---- | C] () -- C:\Users\Mohammed\Desktop\Video_Story_Board.pub
[2011/04/30 16:34:51 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 10:03:26 | 000,311,360 | ---- | C] () -- C:\Users\Mohammed\Desktop\Magnetic Man - Getting Nowhere ft. John Legend.mp3.sfk
[2011/04/30 09:55:29 | 003,614,125 | ---- | C] () -- C:\Users\Mohammed\Desktop\Magnetic Man - Getting Nowhere ft. John Legend.mp3
[2011/04/30 09:32:47 | 000,000,258 | ---- | C] () -- C:\Users\Mohammed\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/22 22:09:42 | 000,004,830 | ---- | C] () -- C:\Users\Mohammed\Desktop\Afro.gif
[2011/04/20 10:18:46 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/19 15:52:53 | 000,301,568 | ---- | C] () -- C:\Users\Mohammed\Desktop\gmer.exe
[2011/04/19 15:52:20 | 000,293,019 | ---- | C] () -- C:\Users\Mohammed\Desktop\gmer.zip
[2011/04/19 15:41:17 | 000,625,664 | ---- | C] () -- C:\Users\Mohammed\Desktop\dds.scr
[2011/04/19 15:15:01 | 000,000,176 | ---- | C] () -- C:\Users\Mohammed\defogger_reenable
[2011/04/19 15:14:29 | 000,050,477 | ---- | C] () -- C:\Users\Mohammed\Desktop\Defogger.exe
[2011/04/19 11:51:14 | 002,394,008 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2011/04/19 11:30:24 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat
[2011/04/19 11:30:24 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat
[2011/04/19 11:30:24 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat
[2011/04/19 11:30:24 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat
[2011/04/19 11:30:24 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat
[2011/04/19 11:30:24 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf
[2011/04/19 11:30:24 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf
[2011/04/19 11:30:24 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf
[2011/04/19 11:30:24 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf
[2011/04/19 11:30:24 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf
[2011/04/19 11:30:23 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat
[2011/04/19 11:30:23 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat
[2011/04/19 11:30:23 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat
[2011/04/19 11:30:23 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf
[2011/04/19 11:30:23 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf
[2011/04/19 11:30:23 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf
[2011/04/19 11:29:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
[2011/04/18 22:33:09 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-656780939-1293708457-850800029-1000.job
[2011/04/18 20:58:20 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/18 20:58:20 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/18 20:58:03 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/18 20:48:37 | 000,003,046 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/04/18 15:25:17 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/04/18 14:39:46 | 000,000,000 | ---- | C] () -- C:\Users\Mohammed\qeucas.exe
[2011/04/17 11:38:56 | 000,018,480 | ---- | C] () -- C:\Users\Mohammed\Documents\[HorribleSubs] One Piece - 494 [360p].mkv.torrent
[2011/04/14 20:09:03 | 000,057,125 | ---- | C] () -- C:\Users\Mohammed\Documents\Four_Lions_2010_DVDRip_XviD-PRESTiGE.6233489.TPB.torrent
[2011/04/12 11:56:16 | 000,000,875 | ---- | C] () -- C:\Users\Mohammed\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/12 11:56:16 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/11 10:26:21 | 000,000,186 | ---- | C] () -- C:\Users\Mohammed\Desktop\SAMSUNG (F) - Shortcut.lnk
[2011/04/10 15:58:56 | 000,132,323 | ---- | C] () -- C:\Users\Mohammed\Desktop\Bubbles.png
[2011/04/09 19:08:18 | 000,075,528 | ---- | C] () -- C:\Users\Mohammed\Desktop\MMNS.veg.bak
[2011/04/09 19:08:18 | 000,065,160 | ---- | C] () -- C:\Users\Mohammed\Desktop\MMNS.veg
[2011/04/09 14:51:06 | 106,017,697 | ---- | C] () -- C:\Users\Mohammed\Desktop\Sony Vegas Pro 10.0a Build 387 Portable.exe
[2011/03/27 19:18:27 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2011/03/27 19:18:25 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/03/26 20:50:39 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011/03/26 20:50:39 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011/03/26 20:50:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/03/16 21:57:35 | 000,000,132 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/16 21:18:27 | 000,000,132 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/07/27 15:28:33 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2010/07/27 15:28:32 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2010/07/27 15:28:32 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2010/07/27 15:28:30 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2010/07/27 15:28:30 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2010/05/03 21:38:09 | 002,100,970 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\speech.wav
[2009/12/06 12:52:01 | 000,000,680 | ---- | C] () -- C:\Users\Mohammed\AppData\Local\d3d9caps.dat
[2009/11/30 17:21:58 | 000,000,326 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\NMM-MetaData.db
[2009/11/25 20:58:29 | 000,138,504 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/25 20:24:07 | 000,214,488 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/25 20:23:59 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/25 20:23:56 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/20 08:07:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:07:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 12:27:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/25 17:12:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/25 17:12:21 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/01/25 17:12:20 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/01/25 17:12:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/01/25 17:12:20 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/01/25 17:12:20 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/01/25 17:12:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/01/25 17:12:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/01/25 17:12:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/01/25 17:12:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/01/25 17:12:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/01/25 17:12:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/01/25 17:12:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/01/25 17:12:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/01/25 17:12:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/01/25 17:12:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/01/25 17:12:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/01/25 17:12:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/01/25 17:12:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/01/25 16:45:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2008/06/18 14:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/04/12 12:37:32 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv208325p1now.sys
[2008/04/12 12:13:24 | 000,004,977 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2008/03/16 15:32:33 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2007/11/16 00:42:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007/09/11 21:05:57 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\8F66E75896.sys
[2007/09/11 21:05:56 | 000,002,932 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/09/08 18:34:09 | 000,000,860 | ---- | C] () -- C:\Windows\aolback.exe.lnk
[2007/09/08 18:26:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/16 14:01:07 | 000,024,206 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\UserTile.png
[2007/08/10 09:29:42 | 000,212,992 | ---- | C] () -- C:\Windows\UnVt.exe
[2007/07/25 15:24:30 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/29 23:35:38 | 000,126,976 | ---- | C] () -- C:\Users\Mohammed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/24 20:04:27 | 000,018,598 | ---- | C] () -- C:\Users\Mohammed\AppData\Roaming\wklnhst.dat
[2006/12/08 14:01:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/07 10:36:59 | 000,049,152 | R--- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,786,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,620,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/02/26 16:08:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003/09/09 05:30:32 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS

========== LOP Check ==========

[2010/07/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\AnvSoft
[2011/04/18 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\AVG10
[2010/09/08 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\cacaoweb
[2009/12/06 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\DAEMON Tools Lite
[2011/02/05 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Dev-Cpp
[2010/07/26 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/04/26 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\FlashGet
[2011/03/27 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\FreeBurner
[2008/12/09 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\GetRightToGo
[2011/02/20 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Hit'n'Mix
[2011/03/27 09:18:33 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\mkvtoolnix
[2010/07/08 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\NCH Swift Sound
[2009/07/05 12:50:20 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Nokia
[2009/07/05 12:50:07 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Nokia Multimedia Player
[2008/01/12 11:50:48 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Opera
[2009/07/05 12:42:32 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\PC Suite
[2007/08/16 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\PeerNetworking
[2011/03/26 18:42:48 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Publish Providers
[2010/07/03 14:23:18 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\QuickStoresToolbar
[2011/03/27 21:24:24 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Sony
[2008/03/25 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Sports Interactive
[2011/04/30 09:32:43 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Spotify
[2011/04/28 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\SystemRequirementsLab
[2007/06/24 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Template
[2011/04/19 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Tific
[2011/05/05 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\uTorrent
[2010/07/11 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Mohammed\AppData\Roaming\Virgin Media
[2011/05/07 19:55:44 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/17 08:08:55 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{02BAF5B3-8ADD-4FCC-9062-DFFEB6CA5774}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 23:30:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 23:30:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 17:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< C:\program files\common files\data\* /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/22 14:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2011/03/20 15:29:04 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/02/22 14:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/02/22 14:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/02/22 14:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/02/18 15:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2011/02/18 15:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2011/02/18 15:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2011/04/18 20:58:17 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/18 17:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89EAFAFC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
OTL Extras logfile created on: 07/05/2011 20:26:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mohammed\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): c:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.16 Gb Total Space | 15.38 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Computer Name: MOHAMMED-PC | User Name: Mohammed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [compress] -- C:\Program Files\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068B5AE5-7FC3-4C17-BDE3-9C761BF9F023}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0F2F8778-2F82-4470-9E61-F7109592D42F}" = lport=10915 | protocol=17 | dir=in | name=bitcomet 10915 udp |
"{540CDF76-6676-48D4-B3A3-E69766D3C173}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8D898309-4466-4C70-B78D-85457FC2B8B6}" = lport=10915 | protocol=6 | dir=in | name=bitcomet 10915 tcp |
"{A603899F-9C89-4A48-9757-6A5CFADFF7A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042900FC-3DA9-461A-B1D0-F8F86D827A52}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1597E74D-91C7-4111-AB90-D4D1C14D6E7C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{19E95E81-06E5-414B-8463-A2839ED0D48C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1189272467\ee\aolsoftware.exe |
"{268C0E2C-1241-4C15-A982-E71E06ADB1B4}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2A780BED-8146-4092-AC18-C0C39BD8A59E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{2B8C6E30-5E6D-4718-B6D4-4A4AB0E2565F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{39925F57-0F64-49A2-985E-239875FA5587}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{41646351-7DBA-4A61-B699-B87E1520CFE0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{481866CC-F34B-492C-9FFD-91ADCD948F35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55A531CF-0988-4607-B681-25E04E30CFC4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{65A4EB4C-127A-462D-86E7-A53DDBB072F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6A3E3962-F143-43AA-8553-2C646057E2ED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6BC930B6-8B76-4FC9-A214-32EDB50FDF29}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{6C138FB8-5EC3-4622-BA5A-B59E93E789CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7ABFE694-F5C1-4D2D-9D5D-2EFF84C344E5}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{7BA8B9E0-70D7-4533-B0AD-6D4DDE5420CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F83042D-6441-4ADB-B235-33A497C50A7F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{83725CE9-A6FB-4671-9025-BBF9C6FFE155}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{856F4B99-9D04-40D2-B0FA-F04BB405C7E3}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{87D7CCBF-831A-41B8-9820-29ADAD57D63D}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{930C4BDE-C7A3-4D78-915E-9711885DB953}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1189272467\ee\aolsoftware.exe |
"{931F80AF-F203-4C0C-B113-15A03E4CF2AF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9855A105-092D-4C79-97E3-A130839217C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{9E47BD32-7826-4A29-9295-09CA3E31BD8A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AA2A52CF-5BD6-487C-8F56-188C54F305E7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{AF3AF52A-D01F-4C35-8E02-0C05CB510C95}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B4D9F096-755C-4062-9CD2-FB48BA3C53F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B60EE181-EE13-4C6E-BB3C-0CC90AEBF89F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C1F64AA4-5BF1-40D0-BEB1-797B7647F8BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4AB42E0-051F-44B2-B704-07D904CA3A5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D418F1AF-A1BD-4CD1-83BB-43082D88A229}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D8513869-039E-44B6-8B38-3E39DF834629}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DC437FED-903C-4C9B-BA7B-EEB8222C9665}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCD33D77-E257-4363-90C4-15AC877503FB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E9173556-AD04-46C5-A66E-389F4E52C247}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EA0F509A-D8A5-4B8F-B9A2-9B760FB5A477}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EAB61A65-FF00-4279-BC5C-37431A1A0A60}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EBF893B6-FB69-4B94-AA5F-C224658B4961}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{EDBC76BC-9D18-414B-B011-BC3613121A3A}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{F74C22A2-8ACD-4D0C-9A90-A78510BE6D85}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{F9CE2996-C7C8-4693-9384-AD2A7AC74CEB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FF701100-E57D-4637-9244-117263A612C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{002C5845-8718-46FE-9CA6-CE42FE141549}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{0B360DA7-F1D0-4BF5-8282-0DDE9BF032A8}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{104960EC-5F7A-4E62-B0C9-595CBF3039EE}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{179E3A8E-3613-4629-BA5F-EDF46FB0BFF9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{22010B43-8DB5-4DD9-A923-82623E3F3908}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{394B0788-8A4A-437E-97DC-7B22FC931A83}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{43682917-3162-4B73-B1B4-00F0AF0ACEA7}C:\users\mohammed\desktop\routerclient.exe" = protocol=6 | dir=in | app=c:\users\mohammed\desktop\routerclient.exe |
"TCP Query User{4379668D-DCE7-4485-87ED-B403A4BB764A}C:\program files\mozilla firefox 3.6 beta 5\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 5\firefox.exe |
"TCP Query User{4EE1E646-2232-486C-AA9D-CAC8A75FDFEB}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{508C27CD-C5E5-4BF6-8D0E-E65F0783E1F9}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{59EE76F0-D36B-44FF-9E3D-1CA7DD3B81D6}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{5ECC4F16-2DCE-4695-BE47-07E5D0965F06}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{69C8712C-8395-4AED-8D27-70BA4808968A}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{6AB5BF9D-F4A1-4805-BEC2-C6572DFE9062}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{828B019D-5E65-4C7C-9E43-8D7B98103729}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{82D0E422-FBD2-4489-84FA-D37FE2987ED1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{88A4DD3D-18FB-403F-8DAF-AA384930923C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{99405121-EDC8-4282-8E48-AD1A68AFFA6F}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{9B8367E7-66A0-4D3D-9BCB-5DA15F0D0D2C}C:\users\mohammed\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mohammed\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9CB378B7-EBBF-4340-9524-97B83BFE7F1D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9D688CFF-C133-45DD-BC04-55C3B7F00B96}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{AB5FDC92-9C0F-4C58-ABD4-239CE7CB61CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AC106675-CF8A-42E0-9AB0-57264BB2576A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B266541F-23B6-413F-97D4-B01D5E6EEEBD}C:\program files\microsoft games\halo server\haloded.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo server\haloded.exe |
"TCP Query User{B821C621-43B7-4391-B000-DA59A2E56887}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{C55D093E-77F2-4ACC-91F8-6E569AC7C162}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C6DAA733-B65C-4726-9BF4-62DC043C93A9}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{EF33BA9E-3E8E-4FA8-B99A-C396FECA69A4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F3F738B8-0781-464D-B5A0-C070DED2BC6C}C:\users\mohammed\downloads\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\mohammed\downloads\age of empires ii\empires2.exe |
"UDP Query User{04750311-D12C-4F67-A4A5-1EF42E1ECAEF}C:\users\mohammed\downloads\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\mohammed\downloads\age of empires ii\empires2.exe |
"UDP Query User{070A7E63-6AC0-47CA-930B-905D060B1A24}C:\users\mohammed\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mohammed\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{09EC80E9-159C-4962-9C68-9E8B7B30D64C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{128F8357-5D38-4409-8FC1-7B23325F698F}C:\program files\microsoft games\halo server\haloded.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo server\haloded.exe |
"UDP Query User{16F11CB8-8D7D-40BE-98EB-DDFC8F8D152D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{1F7535BC-1A41-49E1-8952-265B22DB8823}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{29619DC3-F651-4396-9AA7-E1E9DD146443}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3DD0DFE2-2BF9-434C-8054-B272CB562AFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3F5745A1-78F2-46EF-9F67-7EA345AC9C23}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{497C3CE1-AF30-4C8A-AF2D-3AC2BFD1F3E6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4DD7287F-0F02-48B7-983F-039D5B53CC0C}C:\program files\mozilla firefox 3.6 beta 5\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 5\firefox.exe |
"UDP Query User{5573AB0E-659A-4A2E-A8AD-B25E22B4C207}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{67FB811D-71D0-4B06-A13F-E4AB93EE47C7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{70A4B125-ECBB-49D8-ACA3-3AE8A6E6CEDB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{71191198-41D7-4226-AED6-E00D4B5998E6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7DC29F05-8FAD-4A35-871D-EB037CCCEC46}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874CF1DA-1CE3-45DB-9A50-9CD72CA28013}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{8F3AC7FE-6566-4111-85D1-C6D0F928453C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{94C9315D-CBCE-4477-BD4C-F74B87F06BC1}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A7114884-E3F0-4004-BCA9-E2A915E699EC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B53E6EBC-6F3C-4C8C-A215-212BC37C96AD}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{B5F1EE3F-602D-4466-9EB4-0D8CAA298C24}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{C33AB890-31BC-41D8-95EC-26F8D224BF49}C:\users\mohammed\desktop\routerclient.exe" = protocol=17 | dir=in | app=c:\users\mohammed\desktop\routerclient.exe |
"UDP Query User{DA43085B-4FE2-4529-BC69-407400E0CCE2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E00AAA9F-F261-4846-9920-A771933CC777}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E1C35EED-4917-4716-88A2-596EB39401F0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{E732420B-85C1-42F3-84D9-99FE27A8FEAE}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F6557589-1EC3-4450-BED8-8504516140AE}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{FE5904CF-77F7-4BED-8FC5-6FC3A9420C7F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5013C8-51D9-491A-8269-8540B90DB6B6}" = Sun Java ™ Wireless Toolkit 2.5.2_01 for CLDC
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}" = Nokia Connectivity Cable Driver
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"ExpressBurn" = Express Burn
"FormatFactory" = FormatFactory 2.60
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hit'n'Mix Play" = Hit'n'Mix Play
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MKVtoolnix" = MKVtoolnix 4.6.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"N360" = Norton 360
"P2PFilter" = P2PFilter 3.0.5
"PROR" = Microsoft Office Professional 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"RealPlayer 12.0" = RealPlayer
"SMPlayer" = SMPlayer 0.6.9
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.3.2
"Spotify" = Spotify
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-656780939-1293708457-850800029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/05/2011 13:38:48 | Computer Name = Mohammed-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x430, application
start time 0x01cc0cda18e8ab05.

Error - 07/05/2011 13:44:20 | Computer Name = Mohammed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 13:57:53 | Computer Name = Mohammed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 14:17:33 | Computer Name = Mohammed-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x438, application
start time 0x01cc0ce02d9d164a.

Error - 07/05/2011 14:27:47 | Computer Name = Mohammed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 14:35:57 | Computer Name = Mohammed-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x678, application
start time 0x01cc0ce39e48e65a.

Error - 07/05/2011 14:54:01 | Computer Name = Mohammed-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x1194, application
start time 0x01cc0ce5fab6c95a.

Error - 07/05/2011 14:57:47 | Computer Name = Mohammed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/05/2011 15:10:24 | Computer Name = Mohammed-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00046e66, process id 0x994, application
start time 0x01cc0ce89af2c43a.

Error - 07/05/2011 15:27:48 | Computer Name = Mohammed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 22/09/2007 16:06:05 | Computer Name = Mohammed-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 17/04/2008 19:00:38 | Computer Name = Mohammed-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/05/2008 10:30:03 | Computer Name = Mohammed-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 22/01/2009 05:45:24 | Computer Name = Mohammed-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 11/02/2009 12:11:52 | Computer Name = Mohammed-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 07/05/2011 14:43:31 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2011 15:12:28 | Computer Name = Mohammed-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 07/05/2011 15:17:24 | Computer Name = Mohammed-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 07/05/2011 15:17:34 | Computer Name = Mohammed-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 07/05/2011 15:20:29 | Computer Name = Mohammed-PC | Source = Print | ID = 72
Description = Windows could not initialize printer HP LaserJet 1020 because the
print processor IMFPrint could not be found. Please obtain and install a new version
of the driver from the manufacturer (if available), or choose an alternate driver
that works with this print device.


< End of report >

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:20 AM

Posted 07 May 2011 - 07:26 PM

Hi NuclearApe,

Step 1

  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [Megakey] File not found
    O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [MegakeyUpdater] File not found
    O33 - MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\Shell\Auto\command - "" = AdobeR.exe e
    O33 - MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    O33 - MountPoints2\{6152600e-5e20-11dc-ae8d-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\autoplay\Command - "" = D:\yrpww.pif
    O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\AutoRun\command - "" = D:\yrpww.pif
    O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\eXPloRe\CommAnd - "" = D:\yrpww.pif
    O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\OPen\comMaNd - "" = D:\yrpww.pif
    O33 - MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\Shell\AutoRun\command - "" = G:\ji83j.exe
    O33 - MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\Shell\open\Command - "" = ji83j.exe
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89EAFAFC
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3

  • Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave both Checked

    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


Step 4

Please run the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan. Vista users, please right-click your browser and select "Run As Administrator".

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



In your next reply, please post back:

1. OTL delete log
2. MBAM log
3. Eset Online Scanner Report

Tell me if you have any remaining issues on your pc.
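As an added example (not code from this thread and not part of the OTL tool), the script below parses the three kinds of lines that appear in the fix script above (O4 Run values, O33 MountPoints2 shell verbs and @Alternate Data Stream entries) and ranks them the way a responder reading such a log would: an orphaned Run value is leftover to clean, while a MountPoints2 shell verb whose command is an executable on or relative to a removable volume is the signature of removable-media autorun persistence. The sample lines are constructed from the line format shown in this thread, the ExampleTray entry is made up as a benign control, and the severity rules are the example's own heuristics, not OTL's.

```python
"""Triage helper for OTL-style autorun lines (added example, not OTL's own code).

It parses the three line types that appear in the fix script above
(O4 Run values, O33 MountPoints2 shell verbs, @Alternate Data Stream)
and applies simple severity rules from a defender's point of view.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_type: str   # "O4", "O33" or "ADS"
    severity: str    # "high", "medium" or "info"
    subject: str     # which registry value / mount point / stream
    target: str      # what the entry launches or points at
    reason: str


# Constructed sample input; it copies the OTL line format used in this
# thread, with one benign Run entry (ExampleTray) made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-656780939-1293708457-850800029-1000..\Run: [Megakey] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe (Example Vendor)
O33 - MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\Shell\AutoRun\command - "" = D:\yrpww.pif
O33 - MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\Shell\open\Command - "" = ji83j.exe
O33 - MountPoints2\{6152600e-5e20-11dc-ae8d-00038a000015}\Shell - "" = AutoRun
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<subkey>.*?) - "" = (?P<target>.*)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<stream>.+)$")

# Extensions Windows will execute directly from a shell verb command.
EXEC_EXT = (".exe", ".pif", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js")


def classify_o4(hive: str, name: str, target: str) -> Finding:
    subject = f"{hive} Run [{name}]"
    if target.strip() == "File not found":
        # The payload is gone (deleted or quarantined) but the autostart
        # value survived; harmless now, but it is leftover to clean up.
        return Finding("O4", "medium", subject, target,
                       "orphaned Run value pointing at a missing file")
    return Finding("O4", "info", subject, target, "Run value with an existing target")


def classify_o33(guid: str, subkey: str, target: str) -> Finding:
    parts = subkey.split("\\")
    subject = f"MountPoints2 {guid} {subkey}"
    if len(parts) >= 3 and parts[-1].lower() == "command":
        verb = parts[1]
        t = target.strip().lower()
        if t.endswith(EXEC_EXT):
            # A bare file name is resolved relative to the volume root, the
            # usual shape of a worm dropped on a USB stick; a D:\ or G:\ path
            # is the same trick spelled out explicitly.
            where = "relative to the volume root" if "\\" not in t else "on the mounted volume"
            return Finding("O33", "high", subject, target,
                           f"shell verb '{verb}' runs an executable {where}")
        return Finding("O33", "medium", subject, target,
                       f"shell verb '{verb}' has a non-executable command; review")
    if subkey.lower() == "shell":
        return Finding("O33", "medium", subject, target,
                       f"default verb set to '{target}', so double-clicking the drive runs that verb's command")
    return Finding("O33", "info", subject, target, "other mount-point setting")


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            findings.append(classify_o4(m["hive"], m["name"], m["target"]))
        elif m := O33_RE.match(line):
            findings.append(classify_o33(m["guid"], m["subkey"], m["target"]))
        elif m := ADS_RE.match(line):
            findings.append(Finding("ADS", "info", m["stream"], f"{m['size']} bytes",
                                    "alternate data stream; content not visible in the log"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line_type:3} {f.subject} -> {f.target}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved OTL log by reading the file into `triage()`; the two "high" findings it produces on the sample are exactly the D:\yrpww.pif and ji83j.exe mount-point commands that the fix script above removes, which is why cleaning MountPoints2 matters even when the USB stick that carried the file is long gone.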

#7 NuclearApe
  • Topic Starter
  • Members
  • 5 posts

Posted 08 May 2011 - 06:10 AM

Thanks for the help, I really appreciate it!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-656780939-1293708457-850800029-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-656780939-1293708457-850800029-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Megakey deleted successfully.
Registry value HKEY_USERS\S-1-5-21-656780939-1293708457-850800029-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MegakeyUpdater deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1909a9d8-1a80-11dd-b845-00038a000015}\ not found.
File AdobeR.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1909a9d8-1a80-11dd-b845-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1909a9d8-1a80-11dd-b845-00038a000015}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6152600e-5e20-11dc-ae8d-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6152600e-5e20-11dc-ae8d-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
File D:\yrpww.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
File D:\yrpww.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
File D:\yrpww.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8837bc92-75b9-11dc-a1dd-00038a000015}\ not found.
File D:\yrpww.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb7ee600-c0d3-11df-97bd-00038a000015}\ not found.
File G:\ji83j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb7ee600-c0d3-11df-97bd-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb7ee600-c0d3-11df-97bd-00038a000015}\ not found.
File ji83j.exe not found.
ADS C:\ProgramData\TEMP:2B11E0DF deleted successfully.
ADS C:\ProgramData\TEMP:89EAFAFC deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41704 bytes

User: Default User

User: Mohammed
->Temp folder emptied: 1094501630 bytes
->Temporary Internet Files folder emptied: 1112496 bytes
->Java cache emptied: 99167240 bytes
->FireFox cache emptied: 50080257 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4111 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 132994325 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87280066 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,397.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: Mohammed
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05082011_080636

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\MPENGINE.DLL not found!
File\Folder C:\Windows\temp\TMP00000001A1B0545DAF883307 not found!
File\Folder C:\Windows\temp\TMP000000131D94B6E21CFA7F9E not found!

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6529

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08/05/2011 08:38:51
mbam-log-2011-05-08 (08-38-51).txt

Scan type: Quick scan
Objects scanned: 120346
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2a0be514ab79a94b858fcafe1d66ede9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-08 10:59:04
# local_time=2011-05-08 11:59:04 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 1702892 1702892 0 0
# compatibility_mode=3589 16777213 100 86 1625327 68209141 0 0
# compatibility_mode=5892 16776573 100 100 39126 142373574 0 0
# compatibility_mode=8192 67108863 100 0 175 175 0 0
# scanned=164760
# found=3
# cleaned=0
# scan_time=11498
C:\Applications\Tools\AOL\stdnet_updater.exe probably a variant of Win32/StartPage.LWOOMNQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Applications\Tools\AOL\comps\acs\acssetup.exe probably a variant of Win32/StartPage.LWOOMNQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mohammed\Documents\FFOutput\Sony Vegas Pro 10.0a Build 387 (X86-X64) By Adrian Dennis\Activation By Adrian Dennis\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I

My computer is running a lot better! The theme changes have stopped and so have all other issues.


Sorry, but I have another problem. When I got the virus, my external hard drive was plugged in and I fear it may still have the virus. Since then I have left it unplugged, but I was wondering: if I were to format it, would the virus go?


Once again thank you for all your help!
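The OTL fix log above is worth reading closely. The MountPoints2\{GUID} keys it deleted are Explorer's per-user record of drives it has seen, including any AutoRun action those drives declared, and the files it tried to remove alongside them (D:\yrpww.pif, G:\ji83j.exe, and a RunDLL32 ShellExec_RunDLL launch of AdobeR.exe) are the commands an autorun.inf on those removable drives had told Explorer to run. That is exactly why the external drive is a fair suspect. The PowerShell below is an added example, not code from the thread or from OTL: it enumerates the same keys for the current user, reports every Shell verb command still attached to a mount point, and flags the ones that match the pattern in the log (a launch from a non-system drive root, a .pif/.scr/.bat/.cmd/.vbs target, or an indirect start through ShellExec_RunDLL). The Suspicious heuristic is my own assumption, not an OTL rule. The removal function deletes a flagged mount point key the way OTL did; Explorer recreates it the next time the drive is inserted. PowerShell 2.0 syntax so that it runs on Vista.

```powershell
# Added example (not from the thread or from OTL): audit the per-user
# MountPoints2 keys for AutoRun-style shell commands, the persistence the OTL
# fix above removed. PowerShell 2.0 compatible; run as the affected user,
# because MountPoints2 lives under each user's hive.

function Get-MountPoints2ShellCommands {
    param([string]$Hive = 'HKCU')   # assumption: the profile you are logged on as

    $base  = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    $found = @()
    if (-not (Test-Path -Path $base)) { return $found }

    foreach ($mp in (Get-ChildItem -Path $base -ErrorAction SilentlyContinue)) {
        # A clean mount point has no Shell subkey at all.
        $shell = "$base\$($mp.PSChildName)\Shell"
        if (-not (Test-Path -Path $shell)) { continue }

        foreach ($verb in (Get-ChildItem -Path $shell -ErrorAction SilentlyContinue)) {
            $cmdKey = "$shell\$($verb.PSChildName)\command"
            if (-not (Test-Path -Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }

            # Heuristic (my assumption, not an OTL rule), modelled on the log above:
            # an indirect start via RunDLL32 ShellExec_RunDLL, a .pif/.scr/.bat/
            # .cmd/.vbs target, or an executable sitting in the root of D: .. Z:.
            $suspicious = ($cmd -match 'ShellExec_RunDLL') -or
                          ($cmd -match '\.(pif|scr|bat|cmd|vbs)(\s|"|$)') -or
                          ($cmd -match '^"?[d-z]:\\[^\\]+\.(exe|com)')

            $found += New-Object PSObject -Property @{
                MountPoint = $mp.PSChildName
                Verb       = $verb.PSChildName
                Command    = $cmd
                Suspicious = $suspicious
            }
        }
    }
    return $found
}

function Remove-MountPoints2Entry {
    # Deletes the whole {GUID} key, as OTL did; Explorer recreates it on the
    # next insertion. Use -WhatIf first to see what would go.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$MountPoint,
        [string]$Hive = 'HKCU'
    )
    $key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\$MountPoint"
    if ((Test-Path -Path $key) -and $PSCmdlet.ShouldProcess($key, 'Remove mount point key')) {
        Remove-Item -Path $key -Recurse -Force
    }
}

# Usage: list everything, then dry-run the removal of the flagged entries.
$hits = Get-MountPoints2ShellCommands
$hits | Format-Table MountPoint, Verb, Suspicious, Command -AutoSize
$hits | Where-Object { $_.Suspicious } |
    ForEach-Object { Remove-MountPoints2Entry -MountPoint $_.MountPoint -WhatIf }
```

Two caveats: legitimate CD/DVD titles also register Shell\AutoRun\command entries, so read the Command column before deleting anything rather than trusting the flag alone; and because the key is per user, a machine with several profiles needs the check run once per profile (or with the other users' NTUSER.DAT hives loaded), which OTL did for you by walking the SID under HKEY_USERS.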


#8 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 08 May 2011 - 07:09 AM

Hi NuclearApe,


I was wondering if I were to format it would the virus go?

Yes, the virus should be gone after formatting the flash stick. After that, you might secure it with Panda USB and AutoRun Vaccine.

Please manually remove Sony Vegas Pro Keygen.exe from the following file path ---> C:\Users\Mohammed\Documents\FFOutput\Sony Vegas Pro 10.0a Build 387 (X86-X64) By Adrian Dennis\Activation By Adrian Dennis\Keygen.exe

Other than that, your system appears to be clean now. :thumbsup: If you have no remaining concerns on your PC, let's do some tidying up and we can send you on your way.


Step 1

  • Start OTL from your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    :Commands
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    
  • Click the Run Fix button at the top. After the reboot, please do the following:
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to the effects of malware, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!
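The advice to format the external drive and then vaccinate it addresses the mechanism the OTL log in the previous post exposed: an autorun.inf on a removable drive pointing at a dropped executable, which Explorer records under MountPoints2 and runs when the drive is opened. The PowerShell below is an added example, not part of the thread and not Panda's tool; it does on the host side what a USB vaccine aims at. It sets the NoDriveTypeAutoRun policy to 0xFF in both HKLM and HKCU so AutoRun is off for every drive type, reads the policy back so the change can be confirmed, and then inspects a given drive root, read-only, for an autorun.inf and the open= / shellexecute= / shell\...\command= targets it names, checking whether those files are actually present on the drive. The drive letter E:\ in the usage line is an assumption; use whatever letter the external drive is assigned. PowerShell 2.0 syntax for Vista, run from an elevated ("Run As Administrator") prompt because HKLM is written.

```powershell
# Added example (not from the thread or from Panda's tool): turn AutoRun off
# for every drive type before the external drive is reconnected, verify the
# policy, then inspect the drive root read-only for an autorun.inf launcher.
# PowerShell 2.0 compatible; run elevated so the HKLM write succeeds.

$PolicyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Disable-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types excluded from AutoRun;
    # 0xFF excludes all of them. HKLM is the machine policy, HKCU additionally
    # covers the profile that was infected.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\$PolicyKey"
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

function Get-AutoRunPolicy {
    # Read both hives back so the setting can be confirmed after a log-off.
    $out = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\$PolicyKey"
        $v = $null
        if (Test-Path -Path $key) {
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        }
        $out += New-Object PSObject -Property @{
            Hive = $hive; NoDriveTypeAutoRun = $v; AllDisabled = ($v -eq 0xFF)
        }
    }
    return $out
}

function Test-DriveAutoRunInf {
    # $DriveRoot is whatever letter the external drive gets, e.g. 'E:\' (assumption).
    param([Parameter(Mandatory = $true)][string]$DriveRoot)

    $inf = [System.IO.Path]::Combine($DriveRoot, 'autorun.inf')
    $result = New-Object PSObject -Property @{
        Drive = $DriveRoot; HasAutorunInf = $false; Targets = @(); TargetsPresent = @()
    }
    if (-not (Test-Path -LiteralPath $inf)) { return $result }
    $result.HasAutorunInf = $true

    # autorun.inf is an INI file; the launch vectors are open=, shellexecute=
    # and shell\<verb>\command=. Worms pad the file with junk sections, so match
    # line by line instead of trusting the [autorun] header.
    foreach ($line in (Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(.+?)\s*$') {
            $target = $matches[2].Trim('"')
            $result.Targets += $target
            # Resolve a relative target (the usual case) against the drive root
            # and record whether the dropped file is still there.
            $exe = ($target -split '\s+')[0]
            if ($exe -notmatch '^[A-Za-z]:\\') { $exe = [System.IO.Path]::Combine($DriveRoot, $exe) }
            if (Test-Path -LiteralPath $exe) { $result.TargetsPresent += $exe }
        }
    }
    return $result
}

# Usage: harden first, confirm, then look at the drive before trusting or formatting it.
Disable-AutoRunPolicy
Get-AutoRunPolicy | Format-Table Hive, NoDriveTypeAutoRun, AllDisabled -AutoSize
Test-DriveAutoRunInf -DriveRoot 'E:\' | Format-List
```

Two practical notes. On Vista and XP the NoDriveTypeAutoRun policy is only honoured reliably once Microsoft's AutoRun update (KB967715) is installed, so let Windows Update finish before relying on it. And even with AutoRun off, open the suspect drive from the Explorer address bar or from this script rather than double-clicking its icon: a stale MountPoints2 entry of the kind the OTL log removed is tied to the drive-icon verb, which is the one thing you want not to trigger before the drive is formatted.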

#9 NuclearApe
  • Topic Starter
  • Members
  • 5 posts

Posted 08 May 2011 - 10:09 AM

Thank you very much for all the help! It's great to have my laptop working properly again...

I did the rest of the steps like you said and once again thanks!

#10 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 08 May 2011 - 11:15 AM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.

#11 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 08 May 2011 - 11:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



