Solved BAD IMAGE error, can't click anything on desktop with Windows Explorer open

ace khan · May 22, 2012

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-22 00:33:48
-----------------------------
00:33:48.826 OS Version: Windows 6.1.7601 Service Pack 1
00:33:48.826 Number of processors: 2 586 0x170A
00:33:48.828 ComputerName: NOOR-PC UserName: NOOR
00:34:05.682 Initialize success
00:39:04.959 AVAST engine defs: 12052101
00:39:25.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
00:39:25.627 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
00:39:25.640 Disk 0 MBR read successfully
00:39:25.643 Disk 0 MBR scan
00:39:25.650 Disk 0 Windows 7 default MBR code
00:39:25.663 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150000 MB offset 2048
00:39:25.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 307202048
00:39:25.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 176938 MB offset 614402048
00:39:25.799 Disk 0 scanning sectors +976771072
00:39:25.873 Disk 0 scanning C:\Windows\system32\drivers
00:39:38.942 Service scanning
00:39:51.263 Service MpKsl361faee6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D04351CB-E65E-42EA-8409-FC61792824E1}\MpKsl361faee6.sys **LOCKED** 32
00:40:06.908 Modules scanning
00:40:13.858 Disk 0 trace - called modules:
00:40:13.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
00:40:13.879 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862694f0]
00:40:13.883 3 CLASSPNP.SYS[89b0659e] -> nt!IofCallDriver -> [0x85d99b60]
00:40:13.887 5 ACPI.sys[892a13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x85da1030]
00:40:14.807 AVAST engine scan C:\Windows
00:40:16.879 AVAST engine scan C:\Windows\system32
00:43:44.587 AVAST engine scan C:\Windows\system32\drivers
00:43:59.717 AVAST engine scan C:\Users\NOOR
00:45:35.435 Disk 0 MBR has been saved successfully to "C:\Users\NOOR\Desktop\MBR.dat"
00:45:35.436 The log file has been saved successfully to "C:\Users\NOOR\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-22 00:33:48
-----------------------------
00:33:48.826 OS Version: Windows 6.1.7601 Service Pack 1
00:33:48.826 Number of processors: 2 586 0x170A
00:33:48.828 ComputerName: NOOR-PC UserName: NOOR
00:34:05.682 Initialize success
00:39:04.959 AVAST engine defs: 12052101
00:39:25.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
00:39:25.627 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
00:39:25.640 Disk 0 MBR read successfully
00:39:25.643 Disk 0 MBR scan
00:39:25.650 Disk 0 Windows 7 default MBR code
00:39:25.663 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150000 MB offset 2048
00:39:25.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 307202048
00:39:25.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 176938 MB offset 614402048
00:39:25.799 Disk 0 scanning sectors +976771072
00:39:25.873 Disk 0 scanning C:\Windows\system32\drivers
00:39:38.942 Service scanning
00:39:51.263 Service MpKsl361faee6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D04351CB-E65E-42EA-8409-FC61792824E1}\MpKsl361faee6.sys **LOCKED** 32
00:40:06.908 Modules scanning
00:40:13.858 Disk 0 trace - called modules:
00:40:13.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
00:40:13.879 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862694f0]
00:40:13.883 3 CLASSPNP.SYS[89b0659e] -> nt!IofCallDriver -> [0x85d99b60]
00:40:13.887 5 ACPI.sys[892a13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x85da1030]
00:40:14.807 AVAST engine scan C:\Windows
00:40:16.879 AVAST engine scan C:\Windows\system32
00:43:44.587 AVAST engine scan C:\Windows\system32\drivers
00:43:59.717 AVAST engine scan C:\Users\NOOR
00:45:35.435 Disk 0 MBR has been saved successfully to "C:\Users\NOOR\Desktop\MBR.dat"
00:45:35.436 The log file has been saved successfully to "C:\Users\NOOR\Desktop\aswMBR.txt"

Broni · May 22, 2012

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

ace khan · May 22, 2012

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
NOOR :: NOOR-PC [administrator]

22-May-12 10:27:23 PM
mbam-log-2012-05-22 (22-27-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247143
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ace khan · May 22, 2012

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-23 00:56:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3500413AS rev.JC45
Running: 9y0v3ciq.exe; Driver: C:\Users\NOOR\AppData\Local\Temp\kxldqpob.sys
---- System - GMER 1.0.15 ----
SSDT 863A7FB0 ZwAlpcConnectPort
SSDT 863EF2A8 ZwLoadDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832853C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 832C5DB4 4 Bytes [B0, 7F, 3A, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 832C5FC8 4 Bytes [A8, F2, 3E, 86]
.text peauth.sys 9EF53C9D 28 Bytes [C4, E8, ED, D3, E6, D9, 17, ...]
.text peauth.sys 9EF53CC1 28 Bytes [C4, E8, ED, D3, E6, D9, 17, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 1D, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2620] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 16, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3212] kernel32.dll!SetUnhandledExceptionFilter 778FF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[3820] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtCreateFile + 6 77D355CE 4 Bytes [28, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtCreateFile + B 77D355D3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 1 Byte [28]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtMapViewOfSection + 6 77D35C2E 4 Bytes [28, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtMapViewOfSection + B 77D35C33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenFile + 6 77D35CDE 4 Bytes [68, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenFile + B 77D35CE3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenProcess + 6 77D35D8E 4 Bytes [A8, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenProcess + B 77D35D93 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenProcessToken + B 77D35DA3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenProcessTokenEx + 6 77D35DAE 4 Bytes [A8, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenProcessTokenEx + B 77D35DB3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenThread + 6 77D35E0E 4 Bytes [68, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenThread + B 77D35E13 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenThreadToken + 6 77D35E1E 4 Bytes [68, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenThreadToken + B 77D35E23 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtOpenThreadTokenEx + B 77D35E33 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtQueryAttributesFile + 6 77D35F3E 4 Bytes [A8, 00, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtQueryAttributesFile + B 77D35F43 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtQueryFullAttributesFile + B 77D35FF3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtSetInformationFile + 6 77D3663E 4 Bytes [28, 01, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtSetInformationFile + B 77D36643 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtSetInformationThread + 6 77D3669E 4 Bytes [28, 02, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtSetInformationThread + B 77D366A3 1 Byte [E2]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 1 Byte [68]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtUnmapViewOfSection + 6 77D369BE 4 Bytes [68, 03, 35, 00]
.text C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe[4596] ntdll.dll!NtUnmapViewOfSection + B 77D369C3 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4588] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DBFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
---- Files - GMER 1.0.15 ----
File C:\Users\NOOR\AppData\Roaming\Microsoft\Windows\Cookies\ZA38YVJ3.txt 93 bytes
---- EOF - GMER 1.0.15 ----

ace khan · May 22, 2012

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by NOOR at 1:39:54 on 2012-05-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2044.708 [GMT 5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\X7 Oscar Keyboard Editor\OscarEditor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NOOR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com.pk/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{EDF53788-ACE8-4588-8686-B75F26FD4C7F}
uInternet Settings,ProxyServer = 192.168.1.4:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWin0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWin0.dll
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWin0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Chatvibes Browser Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWin0.dll
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [OscarEditor] "c:\program files\x7 oscar keyboard editor\\OscarEditor.exe" Minimum
uRun: [OscarKeyboard] "c:\program files\x7 oscar keyboard editor\OscarEditor.exe" Minimum
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{92B09FD1-FC25-460A-9BE3-3CF046240A95} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7A8368B-95C7-4BF8-9D00-A9526CF2BB8E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F7A8368B-95C7-4BF8-9D00-A9526CF2BB8E}\4505D2C494E4B4F5132303836334 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F7A8368B-95C7-4BF8-9D00-A9526CF2BB8E}\75962756C656373702054534C4022427F616462414E444 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1100000.088\SymDS.sys [2011-12-9 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1100000.088\SymEFA.sys [2011-12-9 169008]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.088\ccHPx86.sys [2011-12-9 501888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-12 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20090828.002\IDSVix86.sys [2011-12-9 342576]
R1 MpKsl83b6e377;MpKsl83b6e377;c:\programdata\microsoft\microsoft antimalware\definition updates\{963b0ae5-de15-4df5-b7f3-a2f13a3f284a}\MpKsl83b6e377.sys [2012-5-22 29904]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1100000.088\symtdiv.sys [2011-12-9 338480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-3-14 148800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-14 491112]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20090829.001\BHDrvx86.sys [2011-12-9 506928]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1100000.088\Ironx86.sys [2011-12-9 114736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2011-12-9 126392]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-15 2253120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-11-25 257184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-5-1 130976]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-15 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-22 20:23:0156200----a-w-c:\programdata\microsoft\windows defender\definition updates\{1cd05e98-61d5-404c-8cc3-2446dc22b29c}\offreg.dll
2012-05-22 20:21:296737808----a-w-c:\programdata\microsoft\windows defender\definition updates\{1cd05e98-61d5-404c-8cc3-2446dc22b29c}\mpengine.dll
2012-05-22 20:16:0456200----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\{963b0ae5-de15-4df5-b7f3-a2f13a3f284a}\offreg.dll
2012-05-22 17:34:1229904----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\{963b0ae5-de15-4df5-b7f3-a2f13a3f284a}\MpKsl83b6e377.sys
2012-05-22 17:03:356737808----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\{963b0ae5-de15-4df5-b7f3-a2f13a3f284a}\mpengine.dll
2012-05-21 14:02:416737808------w-c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-13 20:02:26--------d-----w-c:\users\noor\appdata\roaming\GarenaPlus
2012-05-13 20:02:06--------d-----w-c:\programdata\GarenaMessenger
2012-05-12 19:52:40--------d-----w-c:\users\noor\appdata\roaming\Malwarebytes
2012-05-12 19:33:54--------d-----w-c:\programdata\Malwarebytes
2012-05-12 19:33:5322344----a-w-c:\windows\system32\drivers\mbam.sys
2012-05-12 19:33:53--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-05-12 16:29:102560----a-w-c:\windows\_MSRSTRT.EXE
2012-05-12 00:28:28242240----a-w-c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-12 00:28:20--------d-----w-c:\program files\DAEMON Tools Lite
2012-05-12 00:08:561291632----a-w-c:\windows\system32\drivers\tcpip.sys
2012-05-12 00:08:543968368----a-w-c:\windows\system32\ntkrnlpa.exe
2012-05-12 00:08:533913072----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-12 00:08:532343424----a-w-c:\windows\system32\win32k.sys
2012-05-12 00:08:4856176----a-w-c:\windows\system32\drivers\partmgr.sys
2012-05-12 00:08:47936960----a-w-c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-12 00:08:46989184----a-w-c:\program files\windows journal\JNTFiltr.dll
2012-05-12 00:08:46969216----a-w-c:\program files\windows journal\JNWDRV.dll
2012-05-12 00:08:461221632----a-w-c:\program files\windows journal\NBDoc.DLL
2012-05-12 00:08:191077248----a-w-c:\windows\system32\DWrite.dll
2012-05-09 23:53:21--------d-----w-c:\program files\common files\Blizzard Entertainment
2012-05-07 22:36:32--------d-----w-c:\users\noor\appdata\local\{CB7F20FD-E6EE-43E1-8F7E-3405C77F1D9D}
2012-05-07 22:36:19--------d-----w-c:\users\noor\appdata\local\{B015C0AB-DE1F-4165-B104-667562C4CABF}
2012-05-07 16:09:01--------d-----w-c:\program files\common files\xing shared
2012-05-03 20:45:26--------d-----w-c:\users\noor\appdata\roaming\Spearit
2012-05-03 20:45:26--------d-----w-c:\programdata\Spearit
2012-05-03 20:45:24--------d-----w-c:\programdata\Laplink
2012-05-01 09:47:56--------d-----w-c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-05-01 09:47:56--------d-----w-c:\program files\Futuremark
2012-05-01 09:28:20--------d-----w-c:\users\noor\appdata\local\WinZip
2012-05-01 09:28:06--------d-----w-c:\users\noor\appdata\local\CRE
2012-04-29 18:39:21--------d-----w-c:\program files\Moozy
2012-04-26 05:23:2314744----a-w-c:\users\noor\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
.
==================== Find3M ====================
.
2012-05-22 02:12:40139128----a-w-c:\windows\system32\drivers\PnkBstrK.sys
2012-05-22 02:12:26215128----a-w-c:\windows\system32\PnkBstrB.xtr
2012-05-22 02:12:26215128----a-w-c:\windows\system32\PnkBstrB.exe
2012-05-07 16:14:3070304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 16:14:30426144----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-07 16:08:28499712----a-w-c:\windows\system32\msvcp71.dll
2012-05-07 16:08:28348160----a-w-c:\windows\system32\msvcr71.dll
2012-04-28 09:26:27772552----a-w-c:\windows\system32\npdeployJava1.dll
2012-04-28 09:26:27687560----a-w-c:\windows\system32\deployJava1.dll
2012-04-21 19:00:5484480----a-w-c:\windows\system32\EasyHook32.dll
2012-04-21 19:00:54109216----a-w-c:\windows\system32\EasyHook64.dll
2012-03-20 15:44:1274112----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 15:44:12171064----a-w-c:\windows\system32\drivers\MpFilter.sys
2012-03-08 13:50:2849016----a-w-c:\windows\system32\sirenacm.dll
2012-03-08 13:37:20302448----a-w-c:\windows\WLXPGSS.SCR
2012-03-08 13:32:2439272----a-w-c:\windows\system32\drivers\fssfltr.sys
2012-03-01 05:46:5719824----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41172544----a-w-c:\windows\system32\wintrust.dll
2012-03-01 05:33:23159232----a-w-c:\windows\system32\imagehlp.dll
2012-03-01 05:29:165120----a-w-c:\windows\system32\wmi.dll
2012-02-29 23:59:00881984----a-w-c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:007713088----a-w-c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:0061248----a-w-c:\windows\system32\OpenCL.dll
2012-02-29 23:59:005892928----a-w-c:\windows\system32\nvcuda.dll
2012-02-29 23:59:002517312----a-w-c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:002437440----a-w-c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:002301248----a-w-c:\windows\system32\nvapi.dll
2012-02-29 23:59:0019444544----a-w-c:\windows\system32\nvoglv32.dll
2012-02-29 23:59:0017543488----a-w-c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:0015009600----a-w-c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:0010819392----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59:001000256----a-w-c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:413881792----a-w-c:\windows\system32\nvcpl.dll
2012-02-29 20:55:162719040----a-w-c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47108352----a-w-c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46645440----a-w-c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:4662272----a-w-c:\windows\system32\nvshext.dll
2012-02-29 08:26:56416064----a-w-c:\windows\system32\nvStreaming.exe
2012-02-28 01:18:551799168----a-w-c:\windows\system32\jscript9.dll
2012-02-28 01:11:211427456----a-w-c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:071127424----a-w-c:\windows\system32\wininet.dll
2012-02-28 01:03:162382848----a-w-c:\windows\system32\mshtml.tlb
2012-02-23 05:18:36237072------w-c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:40:49.95 ===============

ace khan · May 22, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15-Aug-11 3:20:08 PM
System Uptime: 22-May-12 11:20:07 PM (2 hours ago)
.
Motherboard: Intel Corporation | | DG41WV
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | PROCESSOR | 1580/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 103.793 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 80.871 GiB free.
E: is FIXED (NTFS) - 173 GiB total, 55.817 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx86
Device ID: ROOT\LEGACY_BHDRVX86\0000
Manufacturer:
Name: BHDrvx86
PNP Device ID: ROOT\LEGACY_BHDRVX86\0000
Service: BHDrvx86
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Iron Driver
Device ID: ROOT\LEGACY_SYMIRON\0000
Manufacturer:
Name: Symantec Iron Driver
PNP Device ID: ROOT\LEGACY_SYMIRON\0000
Service: SymIRON
.
==== System Restore Points ===================
.
RP361: 13-May-12 10:17:39 PM - Scheduled Checkpoint
RP362: 14-May-12 12:34:22 AM - Windows Update
RP363: 18-May-12 3:24:38 AM - Windows Update
RP364: 21-May-12 7:02:09 PM - Windows Update
.
==== Installed Programs ======================
.
.
µTorrent
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
ATI Catalyst Install Manager
AVG 2012
Babylon toolbar on IE
Battlefield: Bad Company™ 2
Bing Bar
BrowserCompanion
CCleaner
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DiRT 3
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DriverIdentifier 3.9
F.E.A.R. 3
FIFA 11
FileHippo.com Update Checker
Free AVI Converter
Futuremark SystemInfo
Garena Plus
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Update
Intel(R) Integrator Assistant
Intel(R) Integrator Toolkit
Intel(R) Processor ID Utility
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Junk Mail filter update
K-Lite Mega Codec Pack 8.6.0
Malwarebytes Anti-Malware version 1.61.0.1400
Medal of Honor
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Need for Speed™ Carbon
Nitro PDF Reader 2
Norton Internet Security
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OpenAL
PCmover
Portal 2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Skype Click to Call
Skype™ 5.9
Speccy
System Requirements Lab for Intel
Tom Clancy's H.A.W.X
TP-LINK Wireless Client Utility
TypePad Blogging Services
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Installer for WildTangent Games App
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
ViewSonic Monitor Drivers
Virtua Tennis 4™
VLC media player 1.0.1
WildGames
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 1 (32-bit)
WinZip 16.5
WinZipBar Toolbar
X7 Oscar Keyboard Editor
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
23-May-12 1:04:29 AM, Error: Service Control Manager [7024] - The HomeGroup Provider service terminated with service-specific error %%-2146959355.
22-May-12 9:54:25 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22-May-12 9:54:25 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
22-May-12 9:52:27 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F7A8368B-95C7-4BF8-9D00-A9526CF2BB8E} because another computer on the network has the same name. The server could not start.
22-May-12 9:52:27 PM, Error: NetBT [4321] - The name "NOOR-PC :20" could not be registered on the interface with IP address 192.168.2.101. The computer with the IP address 192.168.2.103 did not allow the name to be claimed by this computer.
22-May-12 9:52:27 PM, Error: NetBT [4321] - The name "NOOR-PC :0" could not be registered on the interface with IP address 192.168.2.101. The computer with the IP address 192.168.2.103 did not allow the name to be claimed by this computer.
22-May-12 9:52:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 SymIRON
22-May-12 9:52:23 PM, Error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error %%-1.
19-May-12 12:37:24 AM, Error: NetBT [4321] - The name "NOOR-PC :20" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.103 did not allow the name to be claimed by this computer.
19-May-12 12:37:24 AM, Error: NetBT [4321] - The name "NOOR-PC :0" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.103 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Broni · May 22, 2012

You're running two AV programs, AVG and MSE.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

Next....

Download Bootkit Remover to your desktop.

Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

ace khan · May 22, 2012

I forgot to mention that I always get a blue screen usually when I play videos on youtube or other sites saying that "dumping of physical memory" and my system restarts itself. can you help me?

Broni · May 22, 2012

One thing at a time.
Continue with steps from my previous reply.

ace khan · May 22, 2012

I have tried all possible ways of uninstalling AVG link scanner, but somehow it wont uninstall and keep on reporting the same error again and again.

2012-05-22 21:15:13,561 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-22 21:15:13,570 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:15:13,570 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:15:13,570 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-22 21:15:13,570 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe"
2012-05-22 21:15:13,571 WARN AvgDir param empty, but Remover found AvgDir at 'C:\Program Files\AVG\AVG2012\', use this path as default.
2012-05-22 21:15:13,571 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2012\', use this path as default.
2012-05-22 21:15:15,160 INFO AvgRemover runs in attempt number 1
2012-05-22 21:15:15,160 INFO Attempting to unregister AVG from the Windows Security Center.
2012-05-22 21:15:15,161 INFO Attempting to uninstall AVG Identity Protection.
2012-05-22 21:15:15,163 INFO Attempting to uninstall toolbar
2012-05-22 21:43:37,515 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-22 21:43:37,526 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:43:37,526 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:43:37,526 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-22 21:43:37,526 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125 (1).exe"
2012-05-22 21:43:37,526 WARN AvgDir param empty, but Remover found AvgDir at 'C:\Program Files\AVG\AVG2012\', use this path as default.
2012-05-22 21:43:37,526 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2012\', use this path as default.
2012-05-22 21:43:39,333 INFO AvgRemover runs in attempt number 1
2012-05-22 21:43:39,333 INFO Attempting to unregister AVG from the Windows Security Center.
2012-05-22 21:43:39,334 INFO Attempting to uninstall AVG Identity Protection.
2012-05-22 21:43:39,337 INFO Attempting to uninstall toolbar
2012-05-22 21:49:25,268 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-22 21:49:25,268 DEBUG Deleting stuck RunOnce value from registry.
2012-05-22 21:49:25,269 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:49:25,269 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 21:49:25,269 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-22 21:49:25,269 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125 (1).exe"
2012-05-22 21:49:25,269 WARN AvgDir param empty, but Remover found AvgDir at 'C:\Program Files\AVG\AVG2012\', use this path as default.
2012-05-22 21:49:25,269 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2012\', use this path as default.
2012-05-22 21:49:32,435 INFO AvgRemover runs in attempt number 1
2012-05-22 21:49:32,436 INFO Attempting to unregister AVG from the Windows Security Center.
2012-05-22 21:49:32,436 INFO Attempting to uninstall AVG Identity Protection.
2012-05-22 21:49:32,453 INFO Attempting to uninstall toolbar
2012-05-22 23:13:21,002 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-22 23:13:21,018 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 23:13:21,018 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-22 23:13:21,018 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-22 23:13:21,018 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe" (1).exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2012-05-22 23:13:21,018 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2012-05-22 23:13:21,018 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2012-05-22 23:13:21,018 INFO AvgRemover runs in attempt number 2
2012-05-22 23:13:21,018 INFO Attempting to uninstall AVG Identity Protection.
2012-05-22 23:13:21,018 INFO Attempting to uninstall toolbar
2012-05-23 00:37:22,189 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-23 00:37:22,204 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 00:37:22,204 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 00:37:22,204 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-23 00:37:22,204 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe" /run_number=3 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2012-05-23 00:37:22,204 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2012-05-23 00:37:22,204 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2012-05-23 00:37:22,204 INFO AvgRemover runs in attempt number 3
2012-05-23 00:37:22,204 INFO Attempting to uninstall AVG Identity Protection.
2012-05-23 00:37:22,236 INFO Attempting to uninstall toolbar
2012-05-23 02:25:55,603 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-23 02:25:55,603 DEBUG Deleting stuck RunOnce value from registry.
2012-05-23 02:25:55,603 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:25:55,603 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:25:55,603 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-23 02:25:55,603 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe"
2012-05-23 02:25:55,603 WARN AvgDir param empty, but Remover found AvgDir at 'C:\Program Files\AVG\AVG2012\', use this path as default.
2012-05-23 02:25:55,603 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2012\', use this path as default.
2012-05-23 02:26:09,924 INFO AvgRemover runs in attempt number 1
2012-05-23 02:26:09,924 INFO Attempting to unregister AVG from the Windows Security Center.
2012-05-23 02:26:09,924 INFO Attempting to uninstall AVG Identity Protection.
2012-05-23 02:26:09,924 INFO Attempting to uninstall toolbar
2012-05-23 02:31:39,210 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-23 02:31:39,225 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:31:39,225 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:31:39,225 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-23 02:31:39,225 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe" /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2012-05-23 02:31:39,225 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2012-05-23 02:31:39,225 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2012-05-23 02:31:39,225 INFO AvgRemover runs in attempt number 2
2012-05-23 02:31:39,225 INFO Attempting to uninstall AVG Identity Protection.
2012-05-23 02:31:39,225 INFO Attempting to uninstall toolbar
2012-05-23 02:46:38,910 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-23 02:46:38,941 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:46:38,941 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:46:38,941 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-23 02:46:38,941 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe" /run_number=3 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2012-05-23 02:46:38,941 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2012-05-23 02:46:38,941 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2012-05-23 02:46:38,941 INFO AvgRemover runs in attempt number 3
2012-05-23 02:46:38,941 INFO Attempting to uninstall AVG Identity Protection.
2012-05-23 02:46:38,941 INFO Attempting to uninstall toolbar
2012-05-23 02:51:38,518 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-05-23 02:51:38,550 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:51:38,550 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-05-23 02:51:38,550 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2012-05-23 02:51:38,550 INFO Command line: "C:\Users\NOOR\Downloads\avg_remover_stf_x86_2012_2125.exe" /run_number=4 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2012-05-23 02:51:38,550 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2012-05-23 02:51:38,550 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2012-05-23 02:51:38,550 INFO AvgRemover runs in attempt number 4
2012-05-23 02:51:38,550 INFO Attempting to uninstall AVG Identity Protection.
2012-05-23 02:51:38,565 INFO Attempting to uninstall toolbar

Broni · May 22, 2012

As long as you uninstalled AVG using AVG Remover you're fine.
Go on...

ace khan · May 22, 2012

somehow I finally managed to remove AVG completely from the system.. here are the rest of the results..

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32
-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

ace khan · May 22, 2012

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-23 08:26:44
-----------------------------
08:26:44.711 OS Version: Windows 6.1.7601 Service Pack 1
08:26:44.711 Number of processors: 2 586 0x170A
08:26:44.712 ComputerName: NOOR-PC UserName: NOOR
08:26:59.220 Initialize success
08:29:10.040 AVAST engine defs: 12052201
08:29:24.028 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2
08:29:24.031 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
08:29:24.046 Disk 0 MBR read successfully
08:29:24.049 Disk 0 MBR scan
08:29:24.056 Disk 0 Windows 7 default MBR code
08:29:24.061 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150000 MB offset 2048
08:29:24.115 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 307202048
08:29:24.159 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 176938 MB offset 614402048
08:29:24.204 Disk 0 scanning sectors +976771072
08:29:24.327 Disk 0 scanning C:\Windows\system32\drivers
08:29:37.016 Service scanning
08:29:49.363 Service MpKsldc6bce66 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB53C9B1-2034-44B7-896A-217052D888F4}\MpKsldc6bce66.sys **LOCKED** 32
08:30:05.263 Modules scanning
08:30:11.915 Disk 0 trace - called modules:
08:30:11.932 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:30:11.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86066428]
08:30:11.940 3 CLASSPNP.SYS[8984c59e] -> nt!IofCallDriver -> [0x85b92750]
08:30:11.944 5 ACPI.sys[890bb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-2[0x85b92030]
08:30:16.696 AVAST engine scan C:\Windows
08:30:19.021 AVAST engine scan C:\Windows\system32
08:33:50.472 AVAST engine scan C:\Windows\system32\drivers
08:34:05.696 AVAST engine scan C:\Users\NOOR
08:38:06.275 AVAST engine scan C:\ProgramData
08:40:39.895 Scan finished successfully
08:41:15.485 Disk 0 MBR has been saved successfully to "C:\Users\NOOR\Desktop\MBR.dat"
08:41:15.539 The log file has been saved successfully to "C:\Users\NOOR\Desktop\aswMBR.txt"

Broni · May 23, 2012

Those look fine.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

ace khan · May 23, 2012

ComboFix 12-05-23.01 - NOOR 23-May-12 19:49:51.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2044.1276 [GMT 5:00]
Running from: c:\users\NOOR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\X7 Oscar Keyboard Editor\OscarEditor.exe
c:\users\NOOR\AppData\Local\TempDIR
c:\users\NOOR\AppData\Roaming\chrtmp
c:\windows\Fonts\browab.ttf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 14:56 . 2012-05-23 14:56--------d-----w-c:\users\NOOR\AppData\Local\temp
2012-05-22 20:50 . 2012-05-08 16:406737808----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB53C9B1-2034-44B7-896A-217052D888F4}\mpengine.dll
2012-05-22 20:21 . 2012-05-14 20:436737808----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CD05E98-61D5-404C-8CC3-2446DC22B29C}\mpengine.dll
2012-05-21 14:02 . 2012-05-08 16:406737808----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-15 20:13 . 2012-05-15 20:13--------d-----w-c:\programdata\Yahoo!
2012-05-13 20:02 . 2012-05-22 23:14--------d-----w-c:\users\NOOR\AppData\Roaming\GarenaPlus
2012-05-13 20:02 . 2012-05-22 23:14--------d-----w-c:\programdata\GarenaMessenger
2012-05-12 19:52 . 2012-05-12 19:52--------d-----w-c:\users\NOOR\AppData\Roaming\Malwarebytes
2012-05-12 19:34 . 2012-05-12 19:34--------d-----w-c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-05-12 19:33 . 2012-05-12 19:33--------d-----w-c:\programdata\Malwarebytes
2012-05-12 19:33 . 2012-05-12 19:33--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-05-12 19:33 . 2012-04-04 10:5622344----a-w-c:\windows\system32\drivers\mbam.sys
2012-05-12 19:20 . 2012-05-12 19:20--------d-----w-c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2012-05-12 16:29 . 2012-05-12 16:292560----a-w-c:\windows\_MSRSTRT.EXE
2012-05-12 00:28 . 2012-05-12 00:28242240----a-w-c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-12 00:28 . 2012-05-12 00:28--------d-----w-c:\program files\DAEMON Tools Lite
2012-05-12 00:08 . 2012-03-30 10:231291632----a-w-c:\windows\system32\drivers\tcpip.sys
2012-05-12 00:08 . 2012-03-31 04:393968368----a-w-c:\windows\system32\ntkrnlpa.exe
2012-05-12 00:08 . 2012-03-31 04:393913072----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-12 00:08 . 2012-03-31 02:362343424----a-w-c:\windows\system32\win32k.sys
2012-05-12 00:08 . 2012-03-17 07:2756176----a-w-c:\windows\system32\drivers\partmgr.sys
2012-05-12 00:08 . 2012-03-31 04:29936960----a-w-c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 00:08 . 2012-03-31 04:301221632----a-w-c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 00:08 . 2012-03-31 04:29989184----a-w-c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 00:08 . 2012-03-31 04:29969216----a-w-c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 00:08 . 2012-03-03 05:311077248----a-w-c:\windows\system32\DWrite.dll
2012-05-09 23:53 . 2012-05-10 00:36--------d-----w-c:\program files\Common Files\Blizzard Entertainment
2012-05-07 16:09 . 2012-05-07 16:09--------d-----w-c:\program files\Common Files\xing shared
2012-05-03 20:45 . 2012-05-03 20:45--------d-----w-c:\users\NOOR\AppData\Roaming\Spearit
2012-05-03 20:45 . 2012-05-03 20:45--------d-----w-c:\users\Administrator\AppData\Roaming\Spearit
2012-05-03 20:45 . 2012-05-03 20:45--------d-----w-c:\programdata\Spearit
2012-05-03 20:45 . 2012-05-03 20:45--------d-----w-c:\programdata\Laplink
2012-05-01 09:47 . 2012-05-01 09:48--------d-----w-c:\program files\Futuremark
2012-05-01 09:47 . 2012-05-01 09:47--------d-----w-c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-05-01 09:28 . 2012-05-01 09:28--------d-----w-c:\users\NOOR\AppData\Local\WinZip
2012-05-01 09:28 . 2012-05-01 09:28--------d-----w-c:\users\NOOR\AppData\Local\CRE
2012-05-01 09:27 . 2012-05-01 09:27--------d-----w-c:\programdata\WinZip
2012-04-29 18:39 . 2012-04-29 18:39--------d-----w-c:\program files\Moozy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 02:12 . 2012-02-12 11:11139128----a-w-c:\windows\system32\drivers\PnkBstrK.sys
2012-05-22 02:12 . 2012-02-12 11:11215128----a-w-c:\windows\system32\PnkBstrB.exe
2012-05-22 02:12 . 2011-10-12 20:20215128----a-w-c:\windows\system32\PnkBstrB.xtr
2012-05-10 19:01 . 2011-10-12 17:30737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-10 19:01 . 2011-10-06 20:544283672----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-10 18:50 . 2011-10-06 20:5342776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-10 18:50 . 2011-10-21 13:37539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-07 16:14 . 2012-01-16 00:3770304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 16:14 . 2011-11-25 06:09426144----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-07 16:08 . 2011-12-06 22:00499712----a-w-c:\windows\system32\msvcp71.dll
2012-05-07 16:08 . 2011-12-06 22:00348160----a-w-c:\windows\system32\msvcr71.dll
2012-04-28 09:26 . 2012-01-03 14:15772552----a-w-c:\windows\system32\npdeployJava1.dll
2012-04-28 09:26 . 2011-11-16 05:40687560----a-w-c:\windows\system32\deployJava1.dll
2012-04-21 19:00 . 2012-04-21 19:0084480----a-w-c:\windows\system32\EasyHook32.dll
2012-04-21 19:00 . 2012-04-21 19:00109216----a-w-c:\windows\system32\EasyHook64.dll
2012-03-20 15:44 . 2011-04-27 10:2574112----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 15:44 . 2011-04-18 08:18171064----a-w-c:\windows\system32\drivers\MpFilter.sys
2012-03-15 02:15 . 2012-03-15 02:18713784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B2B242B-8636-40E4-BA33-D65F64FC52C0}\gapaengine.dll
2012-03-08 13:50 . 2012-03-08 13:5049016----a-w-c:\windows\system32\sirenacm.dll
2012-03-08 13:37 . 2012-03-08 13:37302448----a-w-c:\windows\WLXPGSS.SCR
2012-03-08 13:32 . 2012-03-23 12:0539272----a-w-c:\windows\system32\drivers\fssfltr.sys
2012-03-01 05:46 . 2012-04-13 00:2919824----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 00:29172544----a-w-c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 00:29159232----a-w-c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 00:295120----a-w-c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2012-03-14 14:5161248----a-w-c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-03-14 14:515892928----a-w-c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-03-14 14:512517312----a-w-c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-03-14 14:512437440----a-w-c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-03-14 14:5119444544----a-w-c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-03-14 14:5110819392----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-03-14 14:5117543488----a-w-c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-16 05:36881984----a-w-c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-11-16 05:361000256----a-w-c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2011-05-21 01:017713088----a-w-c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2011-05-21 01:012301248----a-w-c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-05-21 01:0115009600----a-w-c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-08-15 11:053881792----a-w-c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-08-15 11:052719040----a-w-c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-08-15 11:05108352----a-w-c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-08-15 11:05645440----a-w-c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-08-15 11:0562272----a-w-c:\windows\system32\nvshext.dll
2012-02-29 08:26 . 2012-02-29 08:26416064----a-w-c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:25225584----a-w-c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22176936----a-w-c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 08:49176936----a-w-c:\program files\WinZipBar\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22176936----a-w-c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"= "c:\program files\WinZipBar\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-18 893328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-14 9726568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-07 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-18 12:51893328----a-w-c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys [2009-08-30 506928]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1100000.088\Ironx86.SYS [2009-08-30 114736]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257184]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz135;cpuz135;c:\users\NOOR\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SYMEFA.SYS [2009-08-30 169008]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [2009-08-24 501888]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-12 242240]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys [2009-08-30 342576]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-18 909152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-11-23 491112]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-25 16:14]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 15:43]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pk/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{EDF53788-ACE8-4588-8686-B75F26FD4C7F}
uInternet Settings,ProxyServer = 192.168.1.4:8080
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-OscarEditor - c:\program files\X7 Oscar Keyboard Editor\\OscarEditor.exe
HKCU-Run-OscarKeyboard - c:\program files\X7 Oscar Keyboard Editor\OscarEditor.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-Device Doctor - c:\program files\Device Doctor\DDLauncher.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\SecuROM\License information*]
"datasecu"=hex:a0,0d,c7,c9,86,38,f8,9e,0e,82,26,95,e6,fb,58,49,bf,ba,fc,41,fa,
f9,d9,9d,54,e2,21,0c,20,e7,a1,b8,da,df,b8,f2,4e,45,81,2c,c5,45,8b,9d,39,3f,\
"rkeysecu"=hex:55,f9,78,e8,3f,f2,a0,72,dd,a6,1b,7f,7b,c1,30,4c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 19:58:08
ComboFix-quarantined-files.txt 2012-05-23 14:58
.
Pre-Run: 110,606,536,704 bytes free
Post-Run: 110,805,635,072 bytes free
.
- - End Of File - - 42C0092908E3AA86CAD52A247990AC58

Broni · May 23, 2012

Looks good.

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

ace khan · May 23, 2012

computer is going good except for the same error again and again which says "bad image" {C:\windows\system32\MLANG.dll is either not designed to run on windows ot it contains an error}.

OTL Extras logfile created on: 24-May-12 4:49:41 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\NOOR\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.72% Memory free
3.99 Gb Paging File | 1.96 Gb Available in Paging File | 48.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 99.89 Gb Free Space | 68.19% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 80.88 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 57.19 Gb Free Space | 33.10% Space Free | Partition Type: NTFS

Computer Name: NOOR-PC | User Name: NOOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069860FE-BC2A-4CAF-987F-E33DF4F0B6F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{081D3EAC-2AEF-4683-9424-64A19FFB44D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16FBB949-F79E-4259-BBCD-4CDE097E3428}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BFE1764-23D4-47E2-80D7-15DC11C93063}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2B812B23-692C-4FB1-A204-0CFBCF82FB1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{319A0D2C-34DF-4F21-9085-341B0AB54F0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31BC2B38-3EB1-48DD-8198-1AAA3AC4F882}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{41A43F3A-072B-447E-85F9-A8736BE149C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{4594B757-3424-4B85-A78E-9740193C6731}" = rport=10243 | protocol=6 | dir=out | app=system |
"{503CD637-2EE9-47A6-97F6-4C6708AB57C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{5062FD14-BB64-4C39-83BC-E623F9DE192C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{54E8A6D7-42E5-44A2-96CE-54286B8A57A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DD7A980-20A3-4A7C-8C5E-03E65A4FE8E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{64EC1FBB-B390-4CA4-A4FE-99E9A76E531C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71A8C4BB-9918-4000-A445-3704EAD5C3CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75BC837F-B472-40E3-AED1-75A59B2CE652}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92A67671-2AA1-46C1-ADE7-C4060CA9B3A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4D48527-49FD-49CB-AA68-428F72932BE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5B1BB9D-A035-48D4-9B00-B2C8D45A0DFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D218BB5A-6B19-4337-B485-5F262952B25F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D50E6EF2-208A-4364-B3BA-2377A77ECB86}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD4C3797-B669-4498-AB6A-6482BF23A2CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5A961C2-6408-42E2-B64E-34264E637DF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF3BADF5-FC3C-497C-8672-151AE579EB0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBB28609-F2A5-4465-BADF-2682538D915E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFE24F06-2BB0-4ADF-8824-910EDE30A6B8}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE4592-BD06-496A-8EE5-3B7E5EC65318}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B7DDE36-AFC7-4410-BD45-D0EEC2963D70}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10136B44-8184-4FAA-BEB2-486F44735BA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16075DEC-EA63-4946-AC9A-A923B0CD792E}" = protocol=17 | dir=in | app=d:\hawx\hawx\hawx_dx10.exe |
"{239C0DE1-247A-4EF3-9186-81CBEB21429F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25284F9A-2874-4EC0-8124-6FFB193DD7DF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2BA4FAE1-F43F-4352-B5B5-942196A10FDB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{39E2EFC9-528D-4D63-A694-781D05449F62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3BBB045D-B6FD-4CF4-86F5-9B015F6E8E29}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3C95E6D1-8544-450C-B47F-AEDA4AA02897}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3EF546C8-9E92-49D9-8C75-068E1D888CF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{437AD233-EAB6-4455-BA8D-6AE0537A17D4}" = protocol=17 | dir=in | app=d:\battlefield bc 2\bfbc2updater.exe |
"{4700EB65-3E8A-4B89-9BE8-CB36641D770D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4ACAFFCD-5944-4A2A-A613-448E847FE760}" = protocol=17 | dir=in | app=d:\medal of honor\medal of honor\binaries\moh.exe |
"{4F24A6ED-4FEF-4418-8E11-848E0675C562}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5044A356-53EC-4D75-BAC1-1DCC1A33BD31}" = protocol=6 | dir=in | app=d:\medal of honor\medal of honor\binaries\mohupdater.exe |
"{50F74E3A-193A-4CBB-BB70-F07912B9F627}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5CCA8294-F65C-444E-A74A-068346C1DA68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E96BB04-ED8B-4C07-BA4B-474701D33F8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64A65830-2596-4948-A957-2A8EAC13A28C}" = protocol=6 | dir=in | app=d:\hawx\hawx\hawx.exe |
"{662A9CF0-6C68-4D83-9FBC-38E7A657099F}" = protocol=17 | dir=in | app=d:\hawx\hawx\hawx.exe |
"{692236DB-B04D-4EA9-AABA-09B7631E46DB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6DAF3DA8-8485-4719-921E-324CFEDB5C0B}" = protocol=6 | dir=in | app=d:\virtual tennis 4\vt4.exe |
"{7311A473-D399-4098-8136-3FEAFCEB150D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8172791C-7933-433B-8151-4154F769D49B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{818521C2-8834-4170-A0E3-3E147A5FE885}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C3FCFB0-E76D-4B47-8397-BA54F5BF4C59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8E3A51E1-6396-4A1C-BD00-D220DFADCB2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90450C75-20A9-495A-BB23-269B9240AC45}" = protocol=6 | dir=in | app=d:\medal of honor\medal of honor\binaries\moh.exe |
"{91B0B827-1320-4BF3-B8AC-DF173C51FEE6}" = protocol=6 | dir=in | app=d:\hawx\hawx\hawx_dx10.exe |
"{93340FA3-C5FD-4042-AD90-37A8A7FFB4F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93CB74EE-081E-4C34-81AD-E8478A9FB15D}" = protocol=17 | dir=in | app=d:\virtual tennis 4\vt4.exe |
"{94E877BB-4508-4804-B81C-9078F1D25539}" = protocol=6 | dir=in | app=e:\pirated khan\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{96BA3FDD-5213-4F6C-8AE9-164B114B8408}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9EA781C2-87CC-409C-9C27-BB9003050A40}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{A219DE10-79E6-41FC-B6C5-1A6D5A5009D0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A43C3A30-27A8-4FB2-B155-6976DA9DE2D3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A771BF1F-52BC-4426-94AE-5C893740E827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B227845B-A744-499D-AAB2-1C1AC987539E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B59341CA-1063-47C9-BD82-F2D2C3E3A8A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8AF9813-3340-43C9-BD5B-245B66E83A6D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{BB381120-27DB-4F00-9851-238B3F431EBD}" = protocol=17 | dir=in | app=d:\dirt 3\dirt 3\dirt3_game.exe |
"{CA392492-9E8F-4E7B-BD54-F788C0AEC0E6}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{D7C3100D-A973-43AF-A4B1-1AA5D60ED602}" = protocol=17 | dir=in | app=e:\pirated khan\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{D9364177-AF4F-4517-BD57-38A1D29B23CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DB37E0FA-578A-4172-9FD7-FE43F92391BF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{DC38DE24-5DBC-41BF-9470-626F4960AB9D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD75B8F2-0418-4B6F-A8F3-FDD87D37B853}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4E89196-7A49-4C3B-A98D-6DA752383199}" = protocol=6 | dir=in | app=d:\dirt 3\dirt 3\dirt3_game.exe |
"{F0B3EA72-E014-4F27-A358-3615C380DCAD}" = protocol=6 | dir=out | app=system |
"{F0BC686C-561E-4BD8-9AD1-BA172626A4B9}" = protocol=17 | dir=in | app=d:\medal of honor\medal of honor\binaries\mohupdater.exe |
"{FB04CB3A-AB30-4E08-855D-C79A0C25DE56}" = protocol=6 | dir=in | app=d:\battlefield bc 2\bfbc2updater.exe |
"TCP Query User{1BCCE9E7-A4BA-4577-80CA-1E0DB036489C}D:\fear 3\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\fear 3\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{25263E1B-4E5A-4562-9CE0-B142B79BF6E4}D:\hawx\hawx\hawx_dx10.exe" = protocol=6 | dir=in | app=d:\hawx\hawx\hawx_dx10.exe |
"TCP Query User{278D1D39-A745-4D46-877A-37CE0A61452C}H:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=h:\counter-strike 1.6\hl.exe |
"TCP Query User{28A70F98-3F07-4EDA-8F76-623DE57A498A}D:\portal 2\portal 2\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\portal 2\portal 2\portal 2\portal2.exe |
"TCP Query User{3FD5885A-25A0-4AC6-9C26-50FB63B1B970}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"TCP Query User{46D76BC3-60B8-42D8-9B17-DE9A0FF780F2}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{591AF7BC-7CD9-424F-82D9-EE612CDCB9D5}E:\pirated khan\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\pirated khan\warcraft iii\war3.exe |
"TCP Query User{5C20B1BF-2E40-4429-9109-8A798C9984C0}I:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=I:\warcraft iii\war3.exe |
"TCP Query User{737CC595-3BA9-4B9F-B183-CA6EC7DB4DAD}D:\hawx\hawx\hawx.exe" = protocol=6 | dir=in | app=d:\hawx\hawx\hawx.exe |
"TCP Query User{760B5B47-EE86-4742-A13E-9E0D1F79E77B}D:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike 1.6\hl.exe |
"TCP Query User{D3356E18-C795-44F8-A93C-A47D725CC650}C:\program files\electronic arts\need for speed carbon\nfsc.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed carbon\nfsc.exe |
"TCP Query User{D49FB695-7B16-4BC5-BA98-44E455C924BD}D:\sh3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\sh3\bin\win32_release\stronghold3.exe |
"TCP Query User{F0CFDE85-4585-4D7E-892D-AC0D64176040}C:\program files\laplink\pcmover\pcmover.exe" = protocol=6 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |
"TCP Query User{F6E440C0-6512-43DB-86FB-FA304A7530E4}D:\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\counter-strike 1.6\hltv.exe |
"UDP Query User{0AA5F0ED-8175-4D7F-A418-1636D73F07A0}D:\portal 2\portal 2\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\portal 2\portal 2\portal 2\portal2.exe |
"UDP Query User{1774F48B-1FAE-4376-9C43-F214BE73471B}D:\hawx\hawx\hawx_dx10.exe" = protocol=17 | dir=in | app=d:\hawx\hawx\hawx_dx10.exe |
"UDP Query User{3961AEFE-F159-4510-958B-E5D245EAF184}D:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike 1.6\hl.exe |
"UDP Query User{3F9908C7-54A2-4391-9735-ED9C7D5AA54E}C:\program files\laplink\pcmover\pcmover.exe" = protocol=17 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |
"UDP Query User{497602CF-4CB7-4D6E-9B87-1C841DE1857C}C:\program files\electronic arts\need for speed carbon\nfsc.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed carbon\nfsc.exe |
"UDP Query User{557DCEA0-8035-4F29-989E-76A9AA8FC554}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{676FEFDE-07DA-4E2F-AA1B-1CC2FBDF6A72}D:\fear 3\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\fear 3\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{A15FA19F-1529-4E9F-A301-3D0FDBEF4D7F}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"UDP Query User{A2AECDE2-7FC5-4F07-952E-C307AABEACB2}H:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=h:\counter-strike 1.6\hl.exe |
"UDP Query User{AB87B100-BD27-406D-A1C2-9892F8A9E35D}I:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=I:\warcraft iii\war3.exe |
"UDP Query User{B371AC05-E2D5-44AC-B4B7-2986CDA68EC5}D:\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\counter-strike 1.6\hltv.exe |
"UDP Query User{BCC2E4D8-5F22-4BC7-8BA0-773680FAC3F8}E:\pirated khan\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\pirated khan\warcraft iii\war3.exe |
"UDP Query User{D882B1FB-D1A0-4792-91F1-65B6162C9586}D:\hawx\hawx\hawx.exe" = protocol=17 | dir=in | app=d:\hawx\hawx\hawx.exe |
"UDP Query User{FD4AE232-13BD-4592-956D-7E99B331E74E}D:\sh3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\sh3\bin\win32_release\stronghold3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E202730-41DE-479B-9AE3-63EE685766C4}" = SlimCleaner
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CE76936-BE60-414E-8031-8544B2E52036}" = Intel(R) Integrator Assistant
"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A274D69-F9BB-4AA9-85C9-440FA947DF04}_is1" = Medal of Honor
"{5E8F43F2-9DC1-4C82-9867-79199E3C0B9B}" = PCmover
"{63FBED9C-D995-47DC-A12D-843C570377DC}" = SlimDrivers
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{705D6406-AA83-4BBD-8036-EEB4A1F69B5B}" = X7 Oscar Keyboard Editor
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A34773-F701-46E1-9414-657F35391413}" = SlimComputer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{850DA472-9981-5D13-9C1A-118B6DF47DFF}" = ATI Catalyst Install Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = HP Deskjet 2050 J510 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A67B3991-7226-404B-B5F6-71962D3F2376}" = Intel(R) Integrator Toolkit
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5712598-E05C-4B51-B97B-66A2EBC80170}" = Intel(R) Desktop Utilities
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series Basic Device Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEC1AF0-0C66-43B2-A0FC-A82648E8D36A}" = Nitro PDF Reader 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2ADCCAE-CC16-45F8-8688-FFC79543AF41}" = TypePad Blogging Services
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG Secure Search" = AVG Security Toolbar
"BrowserCompanion" = BrowserCompanion
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"F.E.A.R. 3_is1" = F.E.A.R. 3
"FileHippo.com" = FileHippo.com Update Checker
"Free AVI Converter_is1" = Free AVI Converter
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"im" = Garena Plus
"InstallShield_{705D6406-AA83-4BBD-8036-EEB4A1F69B5B}" = X7 Oscar Keyboard Editor
"InstallShield_{D5712598-E05C-4B51-B97B-66A2EBC80170}" = Intel(R) Desktop Utilities
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SMBus" = Intel(R) SMBus
"Speccy" = Speccy
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.0.1
"WildTangent wildgames Master Uninstall" = WildGames
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 beta 2 (32-bit)
"WinZipBar Toolbar" = WinZipBar Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18-Feb-12 5:13:37 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x1578 Faulting application
start time: 0x01ccee822c4a1164 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: 6b94cbb3-5a75-11e1-8ad1-f3506ddb3611

Error - 18-Feb-12 5:36:07 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Faulting
module name: serverbrowser.dll_unloaded, version: 0.0.0.0, time stamp: 0x42f19fab
Exception
code: 0xc0000005 Fault offset: 0x0be2e290 Faulting process id: 0x12bc Faulting application
start time: 0x01ccee8545093d3c Faulting application path: D:\Counter-Strike 1.6\hl.exe
Faulting
module path: serverbrowser.dll Report Id: 9088bcc0-5a78-11e1-8ad1-f3506ddb3611

Error - 19-Feb-12 3:39:06 AM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x1690 Faulting application
start time: 0x01cceed98ec15a57 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: cd015b51-5acc-11e1-9164-a931b02a4302

Error - 19-Feb-12 7:05:36 AM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x1360 Faulting application
start time: 0x01cceef667b026c9 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: a6296801-5ae9-11e1-90a9-aae51892de02

Error - 19-Feb-12 2:42:26 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x1078 Faulting application
start time: 0x01ccef3638e6735c Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: 77cae221-5b29-11e1-8fca-d22a09f52b0b

Error - 19-Feb-12 4:08:17 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x11ac Faulting application
start time: 0x01ccef4236b1be61 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: 76072708-5b35-11e1-89f7-b41ad8add502

Error - 19-Feb-12 4:16:12 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x1128 Faulting application
start time: 0x01ccef4352b18aef Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: 90e68f5c-5b36-11e1-bfda-c669de36b115

Error - 19-Feb-12 8:06:48 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0x15b8 Faulting application
start time: 0x01ccef63894099b6 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: c81141f1-5b56-11e1-9043-c37db7a3ff02

Error - 19-Feb-12 8:50:18 PM | Computer Name = NOOR-PC | Source = Application Hang | ID = 1002
Description = The program DivX Plus Player.exe version 10.3.1.350 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9a8 Start
Time: 01ccef69758bd48e Termination Time: 13 Application Path: C:\Program Files\DivX\DivX
Plus Player\DivX Plus Player.exe Report Id: d809de60-5b5c-11e1-9043-c37db7a3ff02

Error - 19-Feb-12 10:26:04 PM | Computer Name = NOOR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.5.20.0, time stamp:
0x4e99198a Faulting module name: daemonu.exe, version: 1.5.20.0, time stamp: 0x4e99198a
Exception
code: 0xc000000d Fault offset: 0x0005f315 Faulting process id: 0xe88 Faulting application
start time: 0x01ccef76fcd79fd6 Faulting application path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Faulting module path: C:\Program Files\NVIDIA
Corporation\NVIDIA Updatus\daemonu.exe Report Id: 3c5b7b2d-5b6a-11e1-b6dd-d6327ba8f602

[ Media Center Events ]
Error - 19-May-12 6:03:44 AM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 3:03:42 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 19-May-12 7:03:56 AM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 4:03:55 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 19-May-12 12:39:28 PM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 9:39:28 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 20-May-12 6:22:49 AM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 3:22:45 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 20-May-12 3:09:27 PM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 12:09:27 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 21-May-12 9:57:01 AM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 6:57:01 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 21-May-12 12:28:15 PM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 9:28:15 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 22-May-12 1:00:00 PM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 10:00:00 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 23-May-12 10:37:04 AM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 7:37:00 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 23-May-12 12:39:06 PM | Computer Name = NOOR-PC | Source = MCUpdate | ID = 0
Description = 9:39:06 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 23-May-12 3:21:32 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 SymIRON

Error - 23-May-12 3:21:52 PM | Computer Name = NOOR-PC | Source = Microsoft-Windows-FunctionDiscoveryHost | ID = 1000
Description = Registration of the provider WSDiscoveryProvider failed with the following
error: 2147942593.

Error - 23-May-12 3:23:33 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1326 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 23-May-12 3:23:33 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 23-May-12 3:23:52 PM | Computer Name = NOOR-PC | Source = DCOM | ID = 10010
Description =

Error - 23-May-12 3:27:52 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Provider service terminated with service-specific error
%%-2146959355.

Error - 23-May-12 3:54:31 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1326 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 23-May-12 3:54:31 PM | Computer Name = NOOR-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 23-May-12 7:53:24 PM | Computer Name = NOOR-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 23-May-12 7:53:27 PM | Computer Name = NOOR-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

ace khan · May 23, 2012

OTL logfile created on: 24-May-12 4:49:41 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\NOOR\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.72% Memory free
3.99 Gb Paging File | 1.96 Gb Available in Paging File | 48.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 99.89 Gb Free Space | 68.19% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 80.88 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 57.19 Gb Free Space | 33.10% Space Free | Partition Type: NTFS

Computer Name: NOOR-PC | User Name: NOOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-24 04:48:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\NOOR\Downloads\OTL.exe
PRC - [2012-05-24 00:30:28 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012-05-24 00:29:32 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012-05-18 17:51:45 | 000,893,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012-05-15 14:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-05-15 14:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-01 12:55:50 | 026,646,368 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-01-03 18:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-11-10 10:49:56 | 000,124,616 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
PRC - [2011-11-10 10:49:52 | 001,632,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011-03-28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-02-25 10:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012-05-24 00:30:28 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012-05-24 00:29:33 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012-05-21 16:50:21 | 000,437,272 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\ppgooglenaclpluginchrome.dll
MOD - [2012-05-21 16:50:18 | 003,988,504 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\pdf.dll
MOD - [2012-05-21 16:49:03 | 000,526,872 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\libglesv2.dll
MOD - [2012-05-21 16:49:02 | 000,104,984 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\libegl.dll
MOD - [2012-05-21 16:48:53 | 000,140,328 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\avutil-51.dll
MOD - [2012-05-21 16:48:51 | 000,262,184 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\avformat-54.dll
MOD - [2012-05-21 16:48:50 | 002,386,472 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\avcodec-54.dll
MOD - [2012-05-21 15:56:17 | 009,252,000 | ---- | M] () -- C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\gcswf32.dll
MOD - [2012-02-22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010-01-21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-01-09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV - [2012-05-24 00:29:32 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012-05-07 21:14:30 | 000,257,184 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-01-03 18:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-11-10 10:49:56 | 000,124,616 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel(R)
SRV - [2011-11-10 10:47:08 | 000,061,440 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\FSC\FSCAppServ.exe -- (Intel(R) Desktop Boards FSC Application Service) Intel(R)
SRV - [2011-10-15 13:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-08-15 20:37:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011-04-01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-03-28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011-03-01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010-10-12 22:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-01-21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-08-25 03:49:41 | 000,126,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009-07-14 06:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NOOR\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NOOR\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-05-24 01:07:39 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BAA7AB3-F16E-4359-A318-073F021A0D3D}\MpKsl4a87922e.sys -- (MpKsl4a87922e)
DRV - [2012-05-24 00:21:38 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012-05-12 05:28:28 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-03-20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-01-17 17:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011-12-09 21:18:44 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-11-20 17:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 17:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 17:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 14:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-11-06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-08-30 05:17:21 | 000,338,480 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1100000.088\symtdiv.sys -- (SYMTDIv)
DRV - [2009-08-30 05:17:20 | 000,169,008 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1100000.088\SymEFA.sys -- (SymEFA)
DRV - [2009-08-30 05:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1100000.088\SymDS.sys -- (SymDS)
DRV - [2009-08-30 05:16:50 | 000,114,736 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1100000.088\Ironx86.sys -- (SymIRON)
DRV - [2009-08-30 05:16:46 | 000,342,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys -- (IDSVix86)
DRV - [2009-08-30 05:16:41 | 000,506,928 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009-08-30 05:16:41 | 000,325,168 | R--- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1100000.088\srtsp.sys -- (SRTSP)
DRV - [2009-08-30 05:16:41 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1100000.088\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009-08-25 03:50:39 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1100000.088\ccHPx86.sys -- (ccHP)
DRV - [2000-01-01 05:00:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2000-01-01 05:00:00 | 000,022,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelsmb.sys -- (smbusp) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/cheatengine/{EDF53788-ACE8-4588-8686-B75F26FD4C7F}
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={988021...ad29f4135&lang=en&ds=ts022&pr=sa&d=2012-05-24 00:30:28&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={sear...s_version=6.1-x86-SP1&iesrc={referrer:source}
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=f003de28000000000000f4ec38cd144d
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{1F592872-D62A-48B5-A199-861C6BD8DA57}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enPK445
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ad29f4135&lang=en&ds=ts022&pr=sa&d=2012-05-24 00:30:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/br...-ACE8-4588-8686-B75F26FD4C7F}?q={searchTerms}
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8080

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2012-03-15 07:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2012-03-15 07:29:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-10 10:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-07 21:08:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-07 21:08:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012-05-24 00:29:42 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\Application\21.0.1145.0\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\lib/npdapchrome.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: YouTube = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: WinZipBar = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpnojibjokpoghebklhkdeijehkohhb\2.3.4.2_0\
CHR - Extension: Google Search = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-05-23 19:56:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92B09FD1-FC25-460A-9BE3-3CF046240A95}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7A8368B-95C7-4BF8-9D00-A9526CF2BB8E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 02:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

ace khan · May 23, 2012

========== Files/Folders - Created Within 30 Days ==========

[2012-05-24 01:15:28 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\{0FD03D79-2EDF-4448-922D-8BF3555759B4}
[2012-05-24 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\{F7A3BA70-9467-44D2-8FBE-A14E69FC9950}
[2012-05-24 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012-05-24 00:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[2012-05-24 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012-05-24 00:29:46 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\AVG Secure Search
[2012-05-24 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012-05-24 00:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012-05-24 00:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimComputer
[2012-05-24 00:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\SlimComputer
[2012-05-23 23:40:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012-05-23 23:22:16 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Roaming\Intel
[2012-05-23 23:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012-05-23 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-05-23 23:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-05-23 22:53:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012-05-23 22:52:59 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012-05-23 22:52:59 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012-05-23 22:52:58 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012-05-23 22:52:58 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012-05-23 22:52:58 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012-05-23 22:52:57 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012-05-23 22:52:56 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012-05-23 22:52:55 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012-05-23 22:52:55 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012-05-23 22:52:52 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012-05-23 22:52:52 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012-05-23 22:52:52 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012-05-23 22:52:52 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012-05-23 22:52:51 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012-05-23 22:52:51 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012-05-23 22:52:51 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012-05-23 22:52:51 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012-05-23 22:52:51 | 000,103,776 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012-05-23 22:52:51 | 000,088,928 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012-05-23 22:52:51 | 000,062,304 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012-05-23 22:52:49 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012-05-23 22:52:48 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012-05-23 22:52:48 | 001,099,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012-05-23 22:52:43 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012-05-23 22:52:42 | 000,693,592 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2012-05-23 22:52:40 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012-05-23 22:52:39 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012-05-23 22:52:38 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012-05-23 22:52:38 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012-05-23 22:52:31 | 002,190,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012-05-23 22:52:31 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012-05-23 22:52:31 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012-05-23 22:52:31 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012-05-23 22:52:31 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012-05-23 22:52:31 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012-05-23 22:52:31 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012-05-23 22:52:31 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012-05-23 22:52:30 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012-05-23 22:52:30 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012-05-23 22:52:30 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012-05-23 22:52:30 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012-05-23 22:52:30 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012-05-23 22:52:30 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012-05-23 22:52:30 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012-05-23 22:52:30 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012-05-23 22:43:34 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\SlimWare Utilities Inc
[2012-05-23 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012-05-23 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2012-05-23 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012-05-23 19:58:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-05-23 19:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-05-23 19:58:09 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\temp
[2012-05-23 19:48:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-05-23 19:48:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-05-23 19:48:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-05-23 19:48:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-05-23 19:48:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-05-23 19:43:47 | 004,502,778 | R--- | C] (Swearware) -- C:\Users\NOOR\Desktop\ComboFix.exe
[2012-05-23 01:15:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-16 01:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012-05-16 01:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012-05-14 01:02:26 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Roaming\GarenaPlus
[2012-05-14 01:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012-05-13 00:52:40 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Roaming\Malwarebytes
[2012-05-13 00:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-05-13 00:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-05-13 00:33:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-05-13 00:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-05-12 05:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-05-12 05:28:28 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012-05-12 05:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-05-10 04:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012-05-10 04:53:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012-05-08 03:36:32 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\{CB7F20FD-E6EE-43E1-8F7E-3405C77F1D9D}
[2012-05-08 03:36:19 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\{B015C0AB-DE1F-4165-B104-667562C4CABF}
[2012-05-07 21:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012-05-07 21:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012-05-04 01:45:26 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Roaming\Spearit
[2012-05-04 01:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spearit
[2012-05-04 01:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Laplink
[2012-05-01 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012-05-01 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2012-05-01 14:28:20 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\WinZip
[2012-05-01 14:28:06 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\CRE
[2012-05-01 14:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012-05-01 14:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012-05-01 14:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012-04-29 23:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Moozy
[2012-04-26 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-24 04:47:09 | 000,045,270 | ---- | M] () -- C:\Users\NOOR\AppData\Roaming\room_v3.dat
[2012-05-24 04:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-24 04:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-24 00:29:50 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[2012-05-24 00:28:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-24 00:28:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-24 00:28:12 | 000,002,457 | ---- | M] () -- C:\Users\Public\Desktop\SlimComputer.lnk
[2012-05-24 00:25:55 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-05-24 00:25:55 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-05-24 00:21:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012-05-24 00:21:38 | 000,011,232 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012-05-24 00:21:35 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-24 00:21:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-24 00:21:11 | 1607,143,424 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-23 23:21:45 | 000,410,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-05-23 23:20:06 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) Desktop Utilities.lnk
[2012-05-23 23:03:34 | 000,002,562 | ---- | M] () -- C:\Users\NOOR\Desktop\Google Chrome.lnk
[2012-05-23 22:43:20 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012-05-23 19:56:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-05-23 19:45:33 | 004,502,778 | R--- | M] (Swearware) -- C:\Users\NOOR\Desktop\ComboFix.exe
[2012-05-23 08:41:15 | 000,000,512 | ---- | M] () -- C:\Users\NOOR\Desktop\MBR.dat
[2012-05-22 07:12:40 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012-05-22 07:12:26 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012-05-16 01:13:46 | 000,001,135 | ---- | M] () -- C:\Users\NOOR\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012-05-16 01:13:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012-05-14 22:22:32 | 000,001,043 | ---- | M] () -- C:\Users\NOOR\Desktop\Garena Plus.lnk
[2012-05-13 00:50:29 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012-05-13 00:33:56 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-13 00:29:47 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-05-12 21:29:11 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012-05-12 05:29:09 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012-05-12 05:28:28 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012-05-07 21:09:13 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-05-07 21:08:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012-05-01 14:27:15 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012-04-28 14:24:35 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-24 00:29:50 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[2012-05-24 00:28:12 | 000,002,457 | ---- | C] () -- C:\Users\Public\Desktop\SlimComputer.lnk
[2012-05-23 23:20:06 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) Desktop Utilities.lnk
[2012-05-23 22:52:52 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012-05-23 22:43:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012-05-23 22:43:35 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012-05-23 22:43:20 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012-05-23 19:48:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-05-23 19:48:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-05-23 19:48:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-05-23 19:48:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-05-23 19:48:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-05-23 08:41:15 | 000,000,512 | ---- | C] () -- C:\Users\NOOR\Desktop\MBR.dat
[2012-05-16 01:13:46 | 000,001,135 | ---- | C] () -- C:\Users\NOOR\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012-05-16 01:13:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012-05-14 22:22:32 | 000,001,043 | ---- | C] () -- C:\Users\NOOR\Desktop\Garena Plus.lnk
[2012-05-13 00:50:29 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012-05-13 00:33:56 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-12 21:29:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012-05-12 05:29:09 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012-05-07 21:09:13 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-05-01 14:27:15 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012-04-29 17:01:36 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-04-22 00:00:53 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012-04-22 00:00:53 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012-04-17 10:00:45 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-03-14 19:34:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-03-12 06:46:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-02-29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012-02-15 13:15:15 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012-02-12 16:11:43 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012-02-12 16:11:35 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012-02-12 16:11:23 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-10-20 09:32:32 | 000,000,982 | ---- | C] () -- C:\Windows\eReg.dat
[2011-09-27 01:57:23 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011-08-16 16:44:36 | 000,045,270 | ---- | C] () -- C:\Users\NOOR\AppData\Roaming\room_v3.dat
[2011-08-16 04:49:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-08-16 04:48:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2011-10-13 00:35:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command and Conquer 4
[2012-05-13 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012-04-21 13:54:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2012-05-04 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spearit
[2012-05-13 00:48:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011-11-18 14:47:29 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Auto-Joiner
[2012-01-25 04:30:20 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Babylon
[2012-04-03 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011-10-26 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Command and Conquer 4
[2012-03-09 15:05:49 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\DAEMON Tools Lite
[2011-10-10 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Day 1 Studios
[2012-03-12 08:56:52 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\driveridentifier
[2012-05-24 00:57:34 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\GarenaPlus
[2011-09-28 01:44:46 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Leadertech
[2012-05-13 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Nitro PDF
[2012-05-02 03:58:57 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\OpenCandy
[2011-10-18 01:45:42 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Red Alert 3
[2012-03-10 10:20:31 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Registry Mechanic
[2012-05-04 01:45:26 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Spearit
[2011-12-09 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Tific
[2012-01-03 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\TuneUp Software
[2012-05-24 04:51:41 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\uTorrent
[2011-09-17 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\WinZip
[2012-05-12 05:19:44 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-05-24 00:21:55 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011-09-09 21:31:19 | 000,388,818 | ---- | M] () -- C:\AnalysisLog.sr0
[2009-06-11 02:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-11-20 17:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011-08-16 04:13:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012-05-23 19:58:08 | 000,020,681 | ---- | M] () -- C:\ComboFix.txt
[2009-06-11 02:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-10-13 00:22:39 | 000,003,648 | ---- | M] () -- C:\config.xml
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011-08-15 16:09:21 | 000,203,836 | RHS- | M] () -- C:\grldr
[2012-05-24 00:21:11 | 1607,143,424 | -HS- | M] () -- C:\hiberfil.sys
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012-04-21 14:42:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-04-21 12:59:53 | 000,000,217 | ---- | M] () -- C:\lan.log
[2012-05-01 23:09:22 | 000,003,138 | ---- | M] () -- C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-Tuesday.log
[2012-04-21 14:42:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-05-24 00:21:28 | 2142,859,264 | -HS- | M] () -- C:\pagefile.sys
[2012-04-21 12:54:16 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2012-04-21 12:54:16 | 000,002,107 | ---- | M] () -- C:\RHDSetup.log
[2012-03-14 19:35:53 | 000,000,184 | ---- | M] () -- C:\setup.log
[2007-03-07 13:31:26 | 000,303,616 | ---- | M] () -- C:\tp_icon.dll
[2012-02-12 01:14:15 | 000,002,981 | ---- | M] () -- C:\user.js
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011-08-15 16:09:21 | 000,000,000 | RHS- | M] () -- C:\winx.ld

< %systemroot%\Fonts\*.com >
[2009-07-14 09:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 09:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 09:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 09:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-11 02:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009-07-14 06:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010-11-20 17:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012-03-08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2012-03-12 12:21:43 | 000,001,702 | -HS- | M] () -- C:\Users\NOOR\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009-07-14 09:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011-10-18 23:33:02 | 000,000,317 | -HS- | M] () -- C:\Users\NOOR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012-05-23 19:45:33 | 004,502,778 | R--- | M] (Swearware) -- C:\Users\NOOR\Desktop\ComboFix.exe
[2006-11-01 09:07:32 | 008,904,704 | ---- | M] () -- C:\Users\NOOR\Desktop\nfsc.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012-05-24 04:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-24 00:21:35 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-24 04:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-24 00:21:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-05-12 05:19:44 | 000,032,628 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012-05-24 00:21:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009-06-11 02:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012-02-15 22:18:54 | 000,000,402 | -HS- | M] () -- C:\Users\NOOR\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-13 19:35:25

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP

1B5B4F1
< End of report >

Broni · May 23, 2012

You have some Norton leftovers.
Please run this tool to remove them: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Then...

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - [2012-05-24 00:30:28 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012-05-24 00:29:32 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
MOD - [2012-05-24 00:30:28 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012-05-24 00:29:33 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
SRV - [2012-05-24 00:29:32 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={988021...ad29f4135&lang=en&ds=ts022&pr=sa&d=2012-05-24 00:30:28&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ad29f4135&lang=en&ds=ts022&pr=sa&d=2012-05-24 00:30:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8080
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012-05-24 00:29:42 | 000,000,000 | ---D | M]
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
[2012-05-24 00:29:46 | 000,000,000 | ---D | C] -- C:\Users\NOOR\AppData\Local\AVG Secure Search
[2012-05-24 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012-03-10 10:20:31 | 000,000,000 | ---D | M] -- C:\Users\NOOR\AppData\Roaming\Registry Mechanic
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Services

:Reg

:Files
C:\Program Files\AVG Secure Search
C:\Program Files\Common Files\AVG Secure Search

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

======================================================

Next....

Re-run OTL again.

Use the following settings:

Click the NONE button
Under Custom Scans/Fixes paste:

Code:

/md5start
MLANG.dll
/md5stop

Finally hit Run Scan and wait for the log to open.
Please post the content of the log into your next reply.

ace khan · May 23, 2012

All processes killed
========== OTL ==========
No active process named vprot.exe was found!
Process ToolbarUpdater.exe killed successfully!
Service vToolbarUpdater11.1.0 stopped successfully!
Service vToolbarUpdater11.1.0 deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe moved successfully.
HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1654780193-2357526987-3854253030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll scheduled to be moved on reboot.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ not found.
File C:\Users\NOOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files\AVG Secure Search\vprot.exe moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll not found.
C:\Users\NOOR\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\NOOR\AppData\Local\AVG Secure Search folder moved successfully.
C:\ProgramData\AVG Secure Search\Toolbar folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\skin folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\it folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\id folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\es folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\en folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\de folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\da folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\modules folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\locale\en-US folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\components folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7\chrome folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.7 folder moved successfully.
C:\ProgramData\AVG Secure Search folder moved successfully.
C:\Users\NOOR\AppData\Roaming\Registry Mechanic folder moved successfully.
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
ADS C:\ProgramData\TEMP:553CA6CA deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP

1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AVG Secure Search\skin folder moved successfully.
C:\Program Files\AVG Secure Search\radio folder moved successfully.
C:\Program Files\AVG Secure Search\Licenses folder moved successfully.
C:\Program Files\AVG Secure Search\11.1.0.7\radio folder moved successfully.
C:\Program Files\AVG Secure Search\11.1.0.7 folder moved successfully.
C:\Program Files\AVG Secure Search folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4695163 bytes
->Temporary Internet Files folder emptied: 49343935 bytes
->Java cache emptied: 391201 bytes
->Google Chrome cache emptied: 6210828 bytes
->Flash cache emptied: 57547 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NOOR
->Temp folder emptied: 133426798 bytes
->Temporary Internet Files folder emptied: 11362970 bytes
->Java cache emptied: 485248 bytes
->Google Chrome cache emptied: 162914273 bytes
->Flash cache emptied: 58871 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2834 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167940 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 352.00 mb

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: NOOR
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: NOOR
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.43.1 log created on 05242012_055425
Files\Folders moved on Reboot...
File\Folder C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll not found!
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search scheduled to be moved on reboot.
Registry entries deleted on Reboot...

ace khan · May 23, 2012

OTL logfile created on: 24-May-12 5:58:43 AM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\NOOR\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.04% Memory free
3.99 Gb Paging File | 2.72 Gb Available in Paging File | 68.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 101.21 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 80.88 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 57.19 Gb Free Space | 33.10% Space Free | Partition Type: NTFS

Computer Name: NOOR-PC | User Name: NOOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: MLANG.DLL >
[2009-07-14 06:15:40 | 000,177,664 | ---- | M] () MD5=7E2FB1071CE770D72F22B4C5C9E661D6 -- C:\Windows\System32\mlang.dll
[2009-07-14 06:15:40 | 000,177,664 | ---- | M] () MD5=7E2FB1071CE770D72F22B4C5C9E661D6 -- C:\Windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.1.7600.16385_none_56b5a19c4551e3b0\mlang.dll
< End of report >

Broni · May 23, 2012

It looks like your mlang.dll doesn't have Microsoft signature.
Attached is zipped mlang.dll file from my computer.
Unzip it and place mlang.dll file in a root C:\ directory.

Re-run OTL with the very same settings so I can see the file is in correct location.

ace khan · May 23, 2012

I tried to copy and replace it C:\ directory but it says "you need permission to perform this action" although I am logged in as administrator. and also along with MLANG.dll there is other app named MLANG.dat. when I click it windows media center is opened.

Broni · May 23, 2012

What do you mean by "replace"?
I didn't ask you to replace anything.
All I want you to is to PASTE mlang.dll file into C:\ directory.

Solved BAD IMAGE error, can't click anything on desktop with Windows Explorer open

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +517

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +517

Attachments

Posts: 27 +0

Posts: 56,041 +517

Similar threads