Author Topic: remove spyware removal, trojan rootkit  (Read 558 times)
makaveli_801
Topic Starter
Rookie



Posts: 17



you can never count the blessing of GOD

« on: November 28, 2011, 06:30:25 PM »

So all of a sudden the spyware removal thing pops up on my PC. Nothing I never seen before. I go into safe mode and try to scan with my virus scanner. I'm unable to do so, so I try to manually remove it and delete all the registries. I restart my computer, same thing, except now all desktop items and start buttons are gone, but I can still access my data with the keyboard. I restart hoping to go into safe mode, same thing: I can't access desktop icons or start buttons; only difference now is my keyboard is disabled. I can't do a thing. So it's time to do a fresh installation of Windows. It won't boot from CD at first, so I check my BIOS and everything is right. Now it's trying to boot from disk, it says it and everything, but completely refuses to load. So I take that hard drive out of the tower and place it in my other computer; now that one has the same exact problem. Finally I bought an HDD case to put it into to scan it from another PC. I did that, but still when I put it into the computer it's the same. What am I to do? Even when I put another hard drive into the tower it won't boot from the CD; all I get is booting from CD for like a minute. I have a Compaq EVO 530 SFF with one GB RAM and Windows XP Professional Service Pack 3.

If you tried to number God's blessings, you could never count them. God is Ever-Forgiving, Most Merciful. (Surat an-Nahl: 18)
kimsland
Intermediate



Thanked: 10
Posts: 127

Experience: Guru
OS: Windows XP
Leaving, CH can obviously do without my support.

« Reply #1 on: November 28, 2011, 06:56:26 PM »

The bios firmware update: Adds support for 8X DVD+R media
Although this latest Bios came out in 2004.

You can find all your updates and manual here: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=uk&prodNameId=316715&prodTypeId=12454&prodSeriesId=316713&swLang=13&taskId=135&swEnvOID=1093

There's likely a Fn key to press when starting from a cold start (i.e. not a restart) that allows you to select which boot device to pick (try the manual for what key this is if it doesn't show up when booting the computer).

Could also be a faulty CD drive itself.
makaveli_801
« Reply #2 on: December 01, 2011, 01:42:45 PM »

Well, I don't think I need to update my BIOS or that the DVD drive is defective, as I have tried multiple drives. As for the option for the boot method, I have tinkered with every method of booting, only from the drive to everything in between. Only method I have not tried is the Jan flash drive method to boot from.
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #3 on: December 01, 2011, 04:15:29 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
makaveli_801
« Reply #4 on: December 03, 2011, 07:24:58 PM »

I made the boot CD you told me to make, but it doesn't read it. It just says attempting to boot from CD. I have other pictures of my BIOS and of when I boot normally and into safe mode with networking, if those would help.

bronc52
Greenhorn



Posts: 6

Experience: Beginner
OS: Unknown

« Reply #5 on: December 03, 2011, 09:41:25 PM »

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. Superdave.
« Last Edit: December 04, 2011, 11:17:20 AM by SuperDave »
SuperDave
« Reply #6 on: December 04, 2011, 11:18:32 AM »

Are you certain that you created the CD correctly? You need to burn with an ISO burner. Could you try the CD in another computer? If it was created correctly, it should boot the computer.
makaveli_801
« Reply #7 on: December 04, 2011, 11:13:35 PM »

Yes, I used an ISO burner. For some reason, now I just tried it again and it seems to be loading up from the CD. I'll tell you all what happens.
makaveli_801
« Reply #8 on: December 04, 2011, 11:44:35 PM »

"Do you wish to load the remote registry", select Yes and Change Drivers to Non-Microsoft were not there. So I just checked under drivers none.

OTL logfile created on: 12/4/2011 10:22:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 773.00 Mb Available Physical Memory | 76.00% Memory free
903.00 Mb Paging File | 823.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.58 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = All Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (SoundMAX Agent Service (default))
SRV - File not found [Auto] --  -- (sdAuxService)
SRV - File not found [On_Demand] --  -- (iPod Service)
SRV - File not found [Auto] --  -- (HauppaugeTVServer)
SRV - File not found [On_Demand] --  -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto] --  -- (Apple Mobile Device)
SRV - [2011/07/06 21:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 17:39:26 | 000,011,736 | ---- | M] () [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/08 20:55:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/19 08:57:14 | 001,150,936 | ---- | M] () [Auto] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/05/26 12:48:02 | 000,067,584 | ---- | M] (Hauppauge Computer Works, Inc) [Auto] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 14:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Disabled] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/11 11:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/09/24 17:50:46 | 000,052,888 | ---- | M] () [Disabled] -- C:\Program Files\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Disabled] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Disabled] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2002/10/24 21:17:54 | 000,065,536 | ---- | M] (Kenonic Controls Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Makaveli_801_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  File not found
IE - HKU\Makaveli_801_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Makaveli_801_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Makaveli_801_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60970
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/18 21:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 17:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 17:17:09 | 000,000,000 | ---D | M]
 
[2011/08/25 14:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/06/17 22:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/11 00:11:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/16 20:52:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 13:50:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/17 22:12:40 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
File not found (No name found) --
[2011/08/17 14:48:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/10 22:32:04 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/07/10 04:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
 
O1 HOSTS File: ([2011/05/02 18:27:58 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} -  File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} -  File not found
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -  File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKU\Makaveli_801_ON_C\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\Makaveli_801_ON_C\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\Makaveli_801_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DRam prosessor] C:\WINDOWS\System32\msupdate.exe ()
O4 - HKLM..\Run: [IMBooster]  File not found
O4 - HKLM..\Run: [Iminent.Notifier]  File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent]  File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\Makaveli_801_ON_C..\Run: [BitTorrent Ultra Accelerator] C:\Program Files\BitTorrent Ultra Accelerator\BitTorrent Ultra Accelerator.exe (TrafficSpeeders)
O4 - HKU\Makaveli_801_ON_C..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\Makaveli_801_ON_C..\Run: [Mega Manager]  File not found
O4 - HKU\Makaveli_801_ON_C..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKU\Makaveli_801_ON_C..\Run: [Security Protection]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix]  File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [ShowDeskFix]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [ShowDeskFix]  File not found
O4 - HKLM..\RunServices: [DRam prosessor] C:\WINDOWS\System32\msupdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk = C:\Program Files\BitTorrent Ultra Accelerator\BitTorrent Ultra Accelerator.exe (TrafficSpeeders)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Makaveli_801_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\Makaveli_801_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - HKU\Makaveli_801_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\opnnkjiJ: DllName - opnnkjiJ.dll -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/29 13:32:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within All Days ==========
 
[2011/10/30 04:15:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/30 16:52:20 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2011/08/25 15:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Debut
[2011/08/25 14:43:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/08/23 01:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\Desktop\New Folder (2)
[2011/08/19 14:01:05 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/08/19 14:01:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fuusd.dll
[2011/08/19 14:01:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/08/19 14:01:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2011/08/19 14:01:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/08/17 19:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\Desktop\pcsxr-xenon_a_0.5
[2011/08/16 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\New Folder
[2011/08/16 13:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\dvd
[2011/08/16 13:41:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2011/08/16 13:41:04 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2011/08/16 13:41:03 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2011/08/16 13:41:03 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2011/08/16 13:41:03 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2011/08/16 13:41:03 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2011/08/09 21:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\Desktop\New Folder
[2011/07/22 21:31:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AJKRIC
[2011/07/21 19:00:37 | 000,523,776 | ---- | C] (Shock Labs) -- C:\Documents and Settings\Makaveli_801\Desktop\Shock Labs File Binder v1.0.exe
[2011/07/16 17:31:04 | 000,072,192 | ---- | C] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\viaraid.sys
[2011/07/12 13:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 13:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 13:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/12 13:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/07/05 20:37:00 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/07/05 20:37:00 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/07/04 15:07:48 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/07/04 14:50:22 | 000,000,000 | ---D | C] -- C:\Temp
[2011/07/01 15:49:33 | 000,042,752 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2011/07/01 15:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/06/18 21:54:08 | 000,000,000 | ---D | C] -- C:\Juz30
[2011/06/18 21:37:19 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/18 21:35:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/18 21:35:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/18 21:35:23 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/10 22:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\Free Sound Recorder
[2011/06/10 22:31:32 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2011/06/10 22:31:32 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2011/06/10 22:31:32 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2011/06/10 22:31:32 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2011/06/10 22:31:32 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2011/06/10 22:31:32 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2011/06/10 22:31:32 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2011/06/10 22:31:31 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2011/06/10 22:31:31 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2011/06/10 22:31:31 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2011/06/10 22:31:30 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2011/06/10 22:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\Untitled_Recorded
[2011/06/10 22:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\Adobe
[2011/06/10 21:39:22 | 000,109,704 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
[2011/06/10 21:39:22 | 000,083,592 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bus.sys
[2011/06/10 21:39:22 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2011/06/10 21:39:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
[2011/06/10 21:39:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_wh.sys
[2011/06/10 21:39:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
[2011/06/10 21:39:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_cm.sys
[2011/06/10 21:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2011/06/10 21:05:16 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/06/10 20:54:13 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2011/06/02 01:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\My Games
[2011/06/01 22:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\Visual Studio 2005
[2011/06/01 20:23:46 | 000,436,792 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2011/06/01 18:18:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/06/01 18:18:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/06/01 18:18:33 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/06/01 18:18:29 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/06/01 18:18:29 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/05/23 11:59:19 | 000,000,000 | ---D | C] -- C:\e73728b94b1b80de49d46c61dd866cdd
[2011/05/18 11:55:07 | 000,000,000 | ---D | C] -- C:\b13362d19ca9bcb9ac47
[2011/05/17 13:14:12 | 000,000,000 | ---D | C] -- C:\9f47c7c7e91adbf16b2cea83d3462e9d
[2011/05/15 01:18:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/11 23:06:17 | 000,000,000 | ---D | C] -- C:\hadith
[2011/05/10 01:01:56 | 000,000,000 | ---D | C] -- C:\HAD
[2011/05/09 13:17:14 | 000,000,000 | ---D | C] -- C:\9e653b70fa343ea08174fb259ca440
[2011/05/09 06:14:19 | 000,000,000 | ---D | C] -- C:\c1cd0ef68994bcc1f752
[2011/05/07 06:16:28 | 000,000,000 | ---D | C] -- C:\ff5720b1331474dffcb1118880414c89
[2011/05/06 06:25:55 | 000,000,000 | ---D | C] -- C:\41dbc57eb26a9ab9b29c
[2011/05/05 17:23:57 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2011/05/05 17:23:57 | 000,065,536 | ---- | C] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2011/05/05 06:23:59 | 000,000,000 | ---D | C] -- C:\1e4a9817e20f39398c7c4e4528e126
[2011/05/03 06:25:13 | 000,000,000 | ---D | C] -- C:\1517d995b27ffe1a3c79188f6134
[2011/05/02 00:50:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/02 00:50:02 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/30 08:49:37 | 000,000,000 | ---D | C] -- C:\6085089f9e44d46924
[2011/04/29 18:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\digilogue
[2011/04/29 18:43:24 | 000,000,000 | ---D | C] -- C:\nebulatemprepository
[2011/04/29 18:41:36 | 000,000,000 | ---D | C] -- C:\Vstplugins
[2011/04/29 18:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\FabFilter
[2011/04/29 18:13:17 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun506.exe
[2011/04/29 18:12:18 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011/04/27 12:48:29 | 000,000,000 | ---D | C] -- C:\7a4705dc5a14508c24d5f2
[2011/04/26 17:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\Image-Line
[2011/04/21 08:32:42 | 000,000,000 | ---D | C] -- C:\1273e1a945b8b441724250
[2011/04/17 13:32:35 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/11 14:00:29 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/04/05 20:43:03 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/04/05 20:43:03 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/04/05 20:43:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/04/05 20:42:53 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/04/05 20:42:53 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/04/05 20:42:38 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/04/05 20:37:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/28 14:00:44 | 000,000,000 | ---D | C] -- C:\e73eb950529ec14709ebfff67a6da907
[2011/03/27 00:11:15 | 000,000,000 | ---D | C] -- C:\bb991a93888925a918ee3d9e
[2011/03/19 21:00:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2011/03/19 00:12:56 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/03/18 23:58:32 | 000,000,000 | ---D | C] -- C:\Intel
[2011/03/18 23:03:02 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/03/18 22:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\DriverGenius
[2011/03/12 14:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/08 22:26:11 | 000,000,000 | ---D | C] -- C:\powerIso
[2011/03/08 17:21:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/02 02:58:35 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 06:57:06 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/26 19:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Makaveli_801\My Documents\My Received Files
[2011/01/26 19:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/01/26 17:49:31 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/01/25 16:38:46 | 000,000,000 | ---D | C] -- C:\output
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/10 18:30:23 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/01/10 18:30:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/01/10 18:30:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/12/30 17:45:43 | 000,000,000 | ---D | C] -- C:\Deployment
[2010/12/30 17:45:32 | 000,000,000 | ---D | C] -- C:\resources
[2010/12/30 17:41:40 | 000,000,000 | ---D | C] -- C:\payloads
[2010/12/30 17:41:35 | 000,000,000 | ---D | C] -- C:\packages
[2010/12/15 22:50:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 22:36:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/11/12 16:56:56 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/11/12 16:56:56 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/11/12 16:56:55 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/11/12 16:56:55 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/11/12 16:56:54 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/11/12 16:56:54 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/11/12 16:56:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/11/12 16:56:53 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/11/12 16:56:51 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/11/12 16:56:51 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/11/12 16:56:50 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/11/12 16:56:49 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/11/12 16:56:49 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/11/12 16:56:48 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2 C:\Documents and Settings\Makaveli_801\My Documents\*.tmp files -> C:\Documents and Settings\Makaveli_801\My Documents\*.tmp -> ]
 
========== Files - Modified Within All Days ==========
 
[2011/12/03 21:09:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/03 17:36:16 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/25 18:14:19 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_99754.nl_
[2011/08/25 18:06:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/25 17:41:57 | 000,607,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/25 17:19:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2299180878
[2011/08/25 15:17:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2011/08/24 17:35:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/24 17:16:10 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/24 17:10:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 22:12:58 | 000,001,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2011/08/19 14:34:40 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 13:47:40 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\User's Guide.lnk
[2011/08/19 13:47:40 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk
[2011/08/19 13:46:02 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2011/08/17 15:40:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/08/17 14:56:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/17 11:52:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 05:52:07 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 04:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAKAVELI-565454-Makaveli_801.job
[2011/08/16 13:41:38 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Desktop\DVD Flick.lnk
[2011/08/15 15:35:43 | 000,000,303 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Dileysi.rtf
[2011/08/14 19:58:03 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-842925246-1417001333-1004.job
[2011/08/06 16:22:12 | 002,112,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/06 16:22:10 | 000,688,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/28 00:42:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-842925246-1417001333-1004.job
[2011/07/28 00:42:23 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/17 01:18:05 | 000,005,599 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\oldlove.sms
[2011/07/15 21:17:49 | 000,000,072 | ---- | M] () -- C:\WINDOWS\RegisterRSM.ini
[2011/07/14 17:27:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\chrtmp
[2011/07/12 13:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/07/12 13:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 13:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/12 13:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/07/09 14:11:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/06 21:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 21:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 20:37:00 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/07/05 20:37:00 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/07/04 15:14:24 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Desktop\Verizon V CAST Media Manager.lnk
[2011/07/03 21:41:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/07/03 19:13:40 | 000,007,345 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\BA3E.723
[2011/07/03 04:58:13 | 000,437,183 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\prophetswayofprayer.pdf
[2011/07/01 17:47:10 | 000,030,353 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Document.rtf
[2011/06/20 14:50:29 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Desktop\MP3 Skype Recorder.lnk
[2011/06/19 15:44:22 | 000,023,552 | -H-- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\photothumb.db
[2011/06/18 21:39:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/18 21:37:19 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/18 21:35:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/18 21:35:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/18 21:35:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/14 16:39:41 | 010,652,986 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Goldschmidt-achotme.rar
[2011/06/13 03:41:49 | 000,011,186 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
[2011/06/13 03:41:48 | 000,011,186 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
[2011/06/11 14:48:58 | 000,349,980 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Direct_Deposit.pdf
[2011/06/10 22:21:03 | 000,585,352 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Untitled.ses
[2011/06/06 03:51:39 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\fusioncache.dat
[2011/06/02 00:51:58 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk
[2011/05/30 20:32:50 | 000,007,494 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\q5knv24l11k4
[2011/05/30 20:32:50 | 000,007,494 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q5knv24l11k4
[2011/05/10 03:17:19 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Desktop\Athan.lnk
[2011/05/10 03:16:21 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2011/05/09 13:22:10 | 000,002,240 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2011/05/06 18:52:01 | 000,002,240 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2011/05/06 13:15:00 | 003,623,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/05 17:24:15 | 000,000,043 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2011/05/05 17:23:56 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Kelk2000.lnk
[2011/05/02 18:27:58 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/02 17:03:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 00:50:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Makaveli.lnk
[2011/05/01 12:22:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\debutDowngrade.job
[2011/04/29 19:07:32 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun506.exe
[2011/04/26 17:21:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Desktop\FL Studio 10.lnk
[2011/04/20 02:30:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/20 02:30:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/15 14:47:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 00:28:12 | 000,003,760 | -H-- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Makaveli_801log.dat
[2011/04/10 22:27:10 | 000,059,206 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Makaveli_8013SQLite3.dll
[2011/04/05 20:42:46 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/03/20 21:54:09 | 000,366,788 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\online_application.pdf
[2011/03/18 22:17:31 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/03/07 00:33:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/03/04 01:37:06 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2011/03/04 01:37:06 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/03/04 01:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2011/03/04 01:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/03/03 08:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/03/02 21:07:52 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/02 21:07:51 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/01 16:20:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JDownloader.lnk
[2011/02/28 10:09:40 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/02/26 22:27:31 | 000,009,756 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\Folder.jpg
[2011/02/26 22:27:31 | 000,009,756 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArt_{2AA87207-7577-4A18-912A-495077EF8D6F}_Large.jpg
[2011/02/26 22:26:13 | 000,002,428 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArtSmall.jpg
[2011/02/26 22:26:13 | 000,002,428 | -HS- | M] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArt_{2AA87207-7577-4A18-912A-495077EF8D6F}_Small.jpg
[2011/02/22 18:06:29 | 005,962,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/02/22 18:06:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/02/22 18:06:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/02/22 18:06:29 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/02/22 18:06:29 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/02/22 18:06:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/02/22 18:06:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/02/22 18:06:29 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/02/22 18:06:29 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/02/22 18:06:29 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/02/22 18:06:29 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/02/22 18:06:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/02/22 18:06:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/02/22 18:06:29 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011/02/22 18:06:29 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/02/22 18:06:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/02/22 18:06:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/02/22 18:06:28 | 011,080,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/02/22 18:06:28 | 001,991,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/02/22 18:06:28 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/02/22 18:06:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/02/22 18:06:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/02/22 18:06:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/02/22 18:06:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/02/22 06:41:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2011/02/10 21:38:55 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/09 08:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 08:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2011/02/08 08:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2011/02/02 20:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/02/02 02:58:35 | 002,067,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 06:57:06 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/26 15:20:57 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/17 11:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/10 18:29:51 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/08 18:25:08 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2010/12/30 04:48:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Makaveli_801\net
[2010/12/25 21:39:16 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
[2010/12/22 07:34:28 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/12/20 12:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/12/20 12:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/12/16 10:46:04 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/12/10 18:57:26 | 000,160,448 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/12/10 15:24:12 | 000,239,168 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2 C:\Documents and Settings\Makaveli_801\My Documents\*.tmp files -> C:\Documents and Settings\Makaveli_801\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/25 18:14:19 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_99754.nl_
[2011/08/25 15:17:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2011/08/25 14:48:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/25 14:48:14 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Sidebar.lnk
[2011/08/25 14:47:58 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2011/08/25 14:47:57 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Right Click Image Converter.lnk
[2011/08/25 14:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2299180878
[2011/08/24 17:35:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/24 17:16:10 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/24 17:10:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 22:12:58 | 000,001,012 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2011/08/19 13:47:40 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\User's Guide.lnk
[2011/08/19 13:47:40 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk
[2011/08/19 13:46:02 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2011/08/17 18:45:30 | 001,050,112 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\xbins.exe
[2011/08/16 13:41:38 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\DVD Flick.lnk
[2011/08/15 15:35:43 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Dileysi.rtf
[2011/08/09 17:21:26 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
[2011/08/09 17:21:26 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
[2011/07/17 01:18:05 | 000,005,599 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\oldlove.sms
[2011/07/16 17:31:04 | 000,007,605 | ---- | C] () -- C:\WINDOWS\System32\viaraid.cat
[2011/07/16 17:31:04 | 000,001,541 | ---- | C] () -- C:\WINDOWS\System32\VIARAID.INF
[2011/07/15 21:17:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\RegisterRSM.ini
[2011/07/14 17:27:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\chrtmp
[2011/07/04 15:38:55 | 010,829,947 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Goldschmidt, Arthur & Lawrence Davidson - A Concise History of the Middle East, 8e (2006).pdf
[2011/07/04 15:36:33 | 010,652,986 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Goldschmidt-achotme.rar
[2011/07/04 15:14:24 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\Verizon V CAST Media Manager.lnk
[2011/07/03 21:41:02 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/07/03 15:57:54 | 000,007,345 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\BA3E.723
[2011/07/03 04:58:13 | 000,437,183 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\prophetswayofprayer.pdf
[2011/06/22 20:53:39 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-842925246-1417001333-1004.job
[2011/06/21 20:46:17 | 124,669,952 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\gparted-live-0.7.0-7.iso
[2011/06/21 00:21:01 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-842925246-1417001333-1004.job
[2011/06/19 15:44:21 | 000,023,552 | -H-- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\photothumb.db
[2011/06/18 21:39:24 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/12 17:55:01 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
[2011/06/12 17:55:01 | 000,011,186 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dmnl8x0wg7864d2gc7ys3jwch87q680g6u3
[2011/06/11 14:48:58 | 000,349,980 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Direct_Deposit.pdf
[2011/06/10 22:36:44 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\MP3 Skype Recorder.lnk
[2011/06/10 22:31:32 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2011/06/10 22:20:08 | 000,585,352 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Untitled.ses
[2011/06/06 03:51:39 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\fusioncache.dat
[2011/06/02 00:51:58 | 000,002,163 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk
[2011/05/30 19:53:25 | 000,007,494 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\q5knv24l11k4
[2011/05/30 19:53:25 | 000,007,494 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q5knv24l11k4
[2011/05/16 00:30:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 00:30:52 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 18:51:58 | 000,002,240 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2011/05/06 18:51:58 | 000,002,240 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2011/05/05 17:24:15 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/05/05 17:23:57 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/05/05 17:23:57 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/05/05 17:23:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/05/05 17:23:56 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Kelk2000.lnk
[2011/05/02 18:32:53 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 00:50:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Makaveli.lnk
[2011/05/01 19:11:16 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\Athan.lnk
[2011/04/26 17:21:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\FL Studio 10.lnk
[2011/04/20 02:30:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/20 02:30:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/19 16:11:26 | 000,030,353 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Document.rtf
[2011/04/10 22:27:10 | 000,059,206 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\Makaveli_8013SQLite3.dll
[2011/04/05 20:43:04 | 000,607,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/05 20:42:46 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/03/26 18:38:05 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Desktop\Windows Media Player.lnk
[2011/03/20 21:54:08 | 000,366,788 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\online_application.pdf
[2011/03/18 23:04:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System\VRAIDlog.dll
[2011/03/18 22:17:31 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/03/18 22:17:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/03/02 01:04:39 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/01 16:20:32 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JDownloader.lnk
[2011/02/26 22:28:10 | 000,009,756 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\Folder.jpg
[2011/02/26 22:28:10 | 000,009,756 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArt_{2AA87207-7577-4A18-912A-495077EF8D6F}_Large.jpg
[2011/02/26 22:28:10 | 000,002,428 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArtSmall.jpg
[2011/02/26 22:28:10 | 000,002,428 | -HS- | C] () -- C:\Documents and Settings\Makaveli_801\My Documents\AlbumArt_{2AA87207-7577-4A18-912A-495077EF8D6F}_Small.jpg
[2011/02/23 01:22:45 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\debutDowngrade.job
[2011/02/10 21:38:55 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/09 08:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 08:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/01/26 15:20:57 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
[2011/01/10 18:29:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/08 18:25:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/12/30 18:18:58 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAKAVELI-565454-Makaveli_801.job
[2010/12/30 04:48:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Makaveli_801\net
[2010/12/25 21:39:16 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
[2010/12/15 14:44:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/11 00:10:47 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/01 18:50:54 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/01 18:49:29 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010/12/01 18:46:16 | 000,008,144 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/12/01 17:02:17 | 000,066,048 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010/11/12 17:06:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/11/12 17:06:19 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/11/12 17:05:00 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/11/12 17:05:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/11/12 17:04:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/11/12 17:04:2

makaveli_801

« Reply #9 on: December 05, 2011, 01:19:59 AM »

0 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2010/11/12 17:04:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2010/11/12 17:04:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/11/12 16:57:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/11/12 16:56:57 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/11/12 16:56:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/10/29 16:29:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/10/02 19:19:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/09/27 13:52:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/22 16:10:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/11 00:03:33 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/11 00:03:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/31 21:27:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/08/29 14:14:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 13:58:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/29 13:43:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/29 13:28:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/29 13:25:14 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2010/08/29 06:15:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/29 06:12:48 | 003,623,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/19 15:39:47 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/06/19 15:39:45 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/06/19 15:39:45 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 002,112,912 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 001,280,000 | RHS- | C] () -- C:\WINDOWS\System32\msupdate.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 000,688,374 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008/04/14 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008/04/14 07:00:00 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/26 03:26:02 | 000,003,760 | -H-- | C] () -- C:\Documents and Settings\Makaveli_801\Application Data\Makaveli_801log.dat
[2003/10/01 21:21:42 | 000,029,414 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.SYS
[2002/12/24 17:51:00 | 001,533,952 | ---- | C] () -- C:\WINDOWS\System32\Klk79.dll
[2002/12/24 17:51:00 | 000,818,688 | ---- | C] () -- C:\WINDOWS\System32\K2KLOC.dll
 
========== LOP Check ==========
 
[2010/11/13 16:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\abgx360
[2010/11/07 18:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\AVG
[2010/11/07 17:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\AVG10
[2011/08/25 14:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\BitTorrent
[2011/04/29 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\FabFilter
[2011/06/10 22:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Free Sound Recorder
[2011/04/21 23:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\FreeCall
[2010/09/15 18:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\FreeFileViewer
[2011/08/19 13:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\FUJIFILM
[2011/04/21 01:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\GetRightToGo
[2010/09/02 23:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\ImgBurn
[2010/11/22 15:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Lexmark Productivity Studio
[2011/06/10 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\MP3SkypeRecorder
[2010/09/03 09:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\NCH Swift Sound
[2011/04/20 13:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\OpenCandy
[2011/06/10 21:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\PC Suite
[2010/12/30 04:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\PhotoScape
[2010/09/02 18:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Recordpad
[2010/11/07 20:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Registry Mechanic
[2011/06/10 21:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Samsung
[2010/08/29 13:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Styler
[2011/06/17 22:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Toolbar4
[2011/03/31 21:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Trusteer
[2010/10/24 16:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makaveli_801\Application Data\Xbins
[2010/11/19 22:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/07 17:36:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/29 22:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/08/29 22:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/06/10 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/12/16 15:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/01 17:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/29 23:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/06/10 21:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/09 06:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/14 14:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/01 22:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shared Documents
[2011/10/04 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/22 15:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2011/03/31 21:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/29 15:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/01 12:22:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\debutDowngrade.job
[2011/08/25 15:17:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2011/07/28 00:42:23 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/03 21:41:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/05/07 13:04:01 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\
[2011/05/07 13:04:01 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2299180878:2974348662.exe
@Alternate Data Stream - 336 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
Sorry I only have internet access via mobile.

SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #10 on: December 05, 2011, 12:58:20 PM »

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  File not found
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} -  File not found
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} -  File not found
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -  File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  File not found
O3 - HKU\Makaveli_801_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  File not found
O4 - HKLM..\Run: [IMBooster]  File not found
O4 - HKLM..\Run: [Iminent.Notifier]  File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NBAgent]  File not found
O4 - HKU\Makaveli_801_ON_C..\Run: [Mega Manager]  File not found
O4 - HKU\Makaveli_801_ON_C..\Run: [Security Protection]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix]  File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [ShowDeskFix]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [ShowDeskFix]  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O20 - Winlogon\Notify\opnnkjiJ: DllName - opnnkjiJ.dll -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
Please try to boot your computer in Normal Mode and tell me what's happening.

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
makaveli_801

« Reply #11 on: December 07, 2011, 11:15:32 PM »

It starts up normally as before: keyboard is disabled and blank white screen. Thank you very much for helping, really appreciate it.

:OTL

IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
IE - HKU\Makaveli_801_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - File not found
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - File not found
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - File not found
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - File not found
O3 - HKU\Makaveli_801_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - File not found
O4 - HKLM..\Run: [IMBooster] File not found
O4 - HKLM..\Run: [Iminent.Notifier] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBAgent] File not found
O4 - HKU\Makaveli_801_ON_C..\Run: [Mega Manager] File not found
O4 - HKU\Makaveli_801_ON_C..\Run: [Security Protection] File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [ShowDeskFix] File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -File not found
O20 - Winlogon\Notify\opnnkjiJ: DllName - opnnkjiJ.dll -File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:COMMANDS
[resethosts]
[purity]
[start explorer]

SuperDave

« Reply #12 on: December 08, 2011, 12:42:47 PM »

Please try running this in Normal mode. If you cannot, please run it in Safe Mode.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

SuperDave

« Reply #13 on: December 08, 2011, 12:45:39 PM »

Sorry for the double post. The site is acting weird today.

makaveli_801

« Reply #14 on: December 08, 2011, 04:09:19 PM »

I can't access my desktop in safe mode or normal mode. It starts up as stated before, with just a white screen and my keyboard disabled.
Copyright © 2010 Computer Hope ® All rights reserved.