Continuous uploading to internet
04-11-2011, 02:56 PM
Post: #1
Continuous uploading to internet
Hello,

First of all, I would like to say that when I tried to run the dds.scr script, my laptop freezes when about 3/4 of the scan is complete.

I am using avast! Free Antivirus, and usually in the past few months, when I disconnect from the internet, avast shows a threat being detected. Then I ran a full system scan and the following viruses were found and cleaned, except hiberfil.sys, which couldn't be cleaned:

[Image: 6312121864_937a3c6e7d.jpg]

And for the past few weeks I have noticed a continuous upload from my laptop, but I don't know who initiates it or where it goes.

Please help me, as I couldn't run the dds.scr script.

Thanks.
05-11-2011, 12:39 AM
Post: #2
RE: Continuous uploading to internet
Hello nmmanas! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

[Image: 5f2kg5.gif]

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
06-11-2011, 12:04 AM
Post: #3
RE: Continuous uploading to internet
Hi Maniac,

I am really excited to get help from you! :)

I have a small concern. I noticed in the utility that the 'File Age:' option was set to '30 Days'. But I have been having this problem for more than a month. Though I didn't see the continuous uploading of data before a month ago, the virus problem has been occurring for nearly the past 2 months.

Anyway, here are my logs:
======
OTL.txt:
======
OTL logfile created on: 11/6/2011 3:05:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Manas\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

374.04 Mb Total Physical Memory | 182.85 Mb Available Physical Memory | 48.88% Memory free
965.73 Mb Paging File | 521.52 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 564 1128 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.67 Gb Total Space | 1.79 Gb Free Space | 13.11% Space Free | Partition Type: NTFS
Drive D: | 11.79 Gb Total Space | 0.77 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
Drive E: | 11.80 Gb Total Space | 4.51 Gb Free Space | 38.24% Space Free | Partition Type: NTFS
Drive H: | 34.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: Manas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 02:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
PRC - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/25 01:35:25 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/21 14:39:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/07 02:15:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/07 02:15:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/02 06:12:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Manas\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/07/19 01:03:44 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/02 14:12:43 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2011/04/25 21:00:52 | 003,298,712 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/06/21 13:53:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/06/07 16:35:36 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/05/25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2004/08/04 04:26:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 04:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/05 15:47:17 | 001,608,192 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110502\algo.dll
MOD - [2011/11/03 22:12:38 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110502\aswRep.dll
MOD - [2011/10/28 19:35:28 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/10/28 19:35:28 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/28 19:35:26 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/09/07 02:15:25 | 000,011,800 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswMonVD.dll
MOD - [2010/06/07 16:35:36 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
MOD - [2009/08/10 13:07:46 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp7ml3.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/08/04 04:26:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/07 02:15:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/21 13:53:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2008/04/17 19:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2008/01/18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV - [2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/09/07 02:08:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/07 02:07:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/07 02:06:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/07 02:06:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/07 02:06:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/07 02:06:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/07 02:03:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/03/28 23:16:40 | 000,098,160 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/06/01 14:07:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/07 21:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/07/20 14:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/05/21 21:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/19 01:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/19 01:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Manas\Application Data\IDM\idmmzcc3 [2011/06/07 17:32:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Manas\Application Data\IDM\idmmzcc3 [2011/06/07 17:32:02 | 000,000,000 | ---D | M]

[2011/06/02 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Extensions
[2011/10/31 23:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions
[2011/06/17 21:34:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/10/31 23:26:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/06 00:52:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/10/31 23:26:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\piclens@cooliris.com
[2011/07/24 01:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/20 16:09:29 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/02 14:12:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2011/06/27 10:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/07/19 01:04:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BNTOYLEW.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BNTOYLEW.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
[2011/07/04 21:06:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/04 21:06:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8.2_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: ESPN Cricinfo = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: World Time Buddy = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj\4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\1.72_0\
CHR - Extension: Send from Gmail (by Google) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Manas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Manas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/02 10:31:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/25 11:00:31 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/12 01:18:36 | 000,126,976 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/01 22:42:34 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/09/13 01:10:28 | 000,000,094 | R--- | M] () - H:\autorun.sh -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 03:00:29 | 000,000,000 | ---D | C] -- D:\My Documents\Techmonkeys
[2011/11/06 02:57:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
[2011/11/04 17:46:15 | 000,000,000 | ---D | C] -- D:\My Documents\Diagnose
[2011/11/04 16:40:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Manas\Desktop\dds.scr
[2011/11/04 08:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Local Settings\Application Data\adaware
[2011/11/04 08:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/04 08:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/04 08:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\adawaretb
[2011/11/04 08:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/04 08:49:44 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/04 08:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/11/04 08:49:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/11/04 07:31:05 | 000,000,000 | R--D | C] -- D:\My Documents\Dropbox
[2011/11/04 07:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Start Menu\Programs\Dropbox
[2011/11/04 07:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\Dropbox
[2011/11/04 06:42:03 | 000,000,000 | ---D | C] -- D:\My Documents\HijackThis – Quick Start! What the Tech_files
[2011/11/02 00:18:01 | 000,000,000 | ---D | C] -- D:\My Documents\Contracts
[2011/10/30 14:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\skypePM
[2011/10/30 13:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/30 13:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/10/30 13:46:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/30 13:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/10/30 13:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Start Menu\Programs\Revo Uninstaller
[2011/10/30 13:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/17 22:17:20 | 000,000,000 | ---D | C] -- D:\My Documents\Islamic Online University volanteer_files
[2011/10/16 23:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/10/15 22:37:02 | 000,000,000 | ---D | C] -- D:\My Documents\UYT
[2011/10/07 14:40:45 | 000,000,000 | ---D | C] -- D:\My Documents\THE ISLAMIC LAWS OF INHERITANCE_files
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 02:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
[2011/11/06 02:40:49 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-854245398-1003UA.job
[2011/11/06 01:40:52 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-854245398-1003Core.job
[2011/11/06 00:40:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1682526488-854245398-1003.job
[2011/11/06 00:40:24 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1682526488-854245398-1003.job
[2011/11/05 02:27:10 | 000,000,206 | ---- | M] () -- C:\WINDOWS\POD.INI
[2011/11/04 16:59:33 | 392,278,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 16:59:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/04 16:41:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Manas\Desktop\dds.scr
[2011/11/04 08:55:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/04 08:49:49 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 07:31:05 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Dropbox.lnk
[2011/11/04 07:27:35 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/03 01:33:11 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Manas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 01:33:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Google Chrome.lnk
[2011/11/01 15:49:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/30 14:58:31 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/10/30 13:47:15 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/30 13:40:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Revo Uninstaller.lnk
[2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/17 22:17:20 | 000,086,873 | ---- | M] () -- D:\My Documents\Islamic Online University volanteer.htm
[2011/10/17 16:53:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/07 17:02:08 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Manas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 14:40:45 | 000,033,697 | ---- | M] () -- D:\My Documents\THE ISLAMIC LAWS OF INHERITANCE.htm
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 08:49:49 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 07:31:05 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Manas\Desktop\Dropbox.lnk
[2011/11/04 07:27:34 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/30 14:58:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/10/30 13:47:15 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/30 13:40:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Manas\Desktop\Revo Uninstaller.lnk
[2011/10/17 22:17:12 | 000,086,873 | ---- | C] () -- D:\My Documents\Islamic Online University volanteer.htm
[2011/10/07 14:40:42 | 000,033,697 | ---- | C] () -- D:\My Documents\THE ISLAMIC LAWS OF INHERITANCE.htm
[2011/07/26 15:19:38 | 000,484,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011/07/26 15:19:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp7ml3.dll
[2011/07/19 02:44:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011/07/19 02:44:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011/07/10 06:23:29 | 000,000,491 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/02 18:05:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Manas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/02 18:00:32 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2011/06/02 15:35:21 | 000,005,525 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/02 15:34:07 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/02 14:20:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\POD.INI
[2011/06/02 14:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 11:16:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/02 10:44:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 10:27:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/18 09:33:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2011/01/18 09:33:30 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[2011/01/18 09:33:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[2011/01/18 09:33:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[2004/08/04 04:37:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 17:50:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 15:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:30:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:30:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

========
Extras.txt:
========

OTL Extras logfile created on: 11/6/2011 3:05:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Manas\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

374.04 Mb Total Physical Memory | 182.85 Mb Available Physical Memory | 48.88% Memory free
965.73 Mb Paging File | 521.52 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 564 1128 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.67 Gb Total Space | 1.79 Gb Free Space | 13.11% Space Free | Partition Type: NTFS
Drive D: | 11.79 Gb Total Space | 0.77 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
Drive E: | 11.80 Gb Total Space | 4.51 Gb Free Space | 38.24% Space Free | Partition Type: NTFS
Drive H: | 34.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: Manas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\wmpdtc32.exe" = C:\WINDOWS\system32\wmpdtc32.exe:*:Enabled:aLAN
"C:\WINDOWS\system32\wmpdtv32.exe" = C:\WINDOWS\system32\wmpdtv32.exe:*:Enabled:cLAN
"C:\WINDOWS\system32\igfxvtk32.exe" = C:\WINDOWS\system32\igfxvtk32.exe:*:Enabled:bLAN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\wmpdtc32.exe" = C:\WINDOWS\system32\wmpdtc32.exe:*:Enabled:aLAN
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\system32\wmpdtv32.exe" = C:\WINDOWS\system32\wmpdtv32.exe:*:Enabled:cLAN
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\igfxvtk32.exe" = C:\WINDOWS\system32\igfxvtk32.exe:*:Enabled:bLAN
"C:\Documents and Settings\Manas\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Manas\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1" = Free MP3 Cutter 1.01
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AAD741ED-AD97-4C3F-84DD-A335CC9B7451}" = ECU V4.1.0
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Bukhari, Muslim, Malik, and Dawud Hadith Collection_is1" = Bukhari, Muslim, Malik, and Dawud Hadith Collection
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBackup 4_is1" = FBackup 4
"GameSpy Arcade" = GameSpy Arcade
"Get Organized_is1" = Get Organized 1.05
"Internet Download Manager" = Internet Download Manager
"Juz30_is1" = Juz30 2.2 Beta
"Khalid Bin Waleed - The Sword of Allah_is1" = Khalid Bin Waleed - The Sword of Allah
"Lotus NotesSQL 2.06 driver" = Lotus NotesSQL 2.06 driver
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Samsung ML-1660 Series" = Maintenance Samsung ML-1660 Series
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"The Noble Quran - Saheeh Int. Translation_is1" = The Noble Quran - Saheeh Int. Translation
"thriXXX WebLaunch" = thriXXX WebLaunch
"VLC media player" = VLC media player 1.1.7
"WampServer 2_is1" = WampServer 2.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
"Zekr" = Zekr

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"VirtuaGirl_is1" = VirtuaGirl version 1.0.6.01

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2011 11:23:00 AM | Computer Name = DELL | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/11/2011 11:23:25 AM | Computer Name = DELL | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 9/14/2011 9:43:19 AM | Computer Name = DELL | Source = NTBackup | ID = 8009
Description = End Verify of 'D:' 'Failed' Consult the backup report for more detail.


Error - 9/14/2011 2:36:49 PM | Computer Name = DELL | Source = Chrome | ID = 1
Description =

Error - 9/18/2011 9:35:30 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.3.0.120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2011 11:32:21 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1434, faulting module
diracsplitter.ax, version 1.2.925.0, fault address 0x00003713.

Error - 9/30/2011 3:17:11 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 10/5/2011 2:29:16 PM | Computer Name = DELL | Source = Chrome | ID = 1
Description =

Error - 10/6/2011 2:42:00 PM | Computer Name = DELL | Source = Chrome | ID = 1
Description =

Error - 10/8/2011 12:35:01 PM | Computer Name = DELL | Source = Chrome | ID = 1
Description =

[ System Events ]
Error - 10/3/2011 12:22:05 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/3/2011 1:47:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 10/3/2011 1:47:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/5/2011 2:34:38 PM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.162.59 for the Network Card with network
address 001E101F2D19 has been denied by the DHCP server 123.231.57.74 (The DHCP
Server sent a DHCPNACK message).

Error - 10/6/2011 12:22:37 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.160.90 for the Network Card with network
address 001E101FB172 has been denied by the DHCP server 175.157.184.214 (The DHCP
Server sent a DHCPNACK message).

Error - 10/6/2011 12:46:40 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.184.213 for the Network Card with network
address 001E101FB172 has been denied by the DHCP server 175.157.185.1 (The DHCP
Server sent a DHCPNACK message).

Error - 10/6/2011 12:58:03 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.185.15 for the Network Card with network
address 001E101FB172 has been denied by the DHCP server 175.157.169.245 (The DHCP
Server sent a DHCPNACK message).

Error - 10/6/2011 1:00:18 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.169.246 for the Network Card with network
address 001E101FB172 has been denied by the DHCP server 175.157.183.33 (The DHCP
Server sent a DHCPNACK message).

Error - 10/6/2011 1:15:35 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7024
Description = The Messenger service terminated with service-specific error 2137
(0x859).

Error - 10/6/2011 3:07:18 PM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 175.157.205.182 for the Network Card with network
address 001E101F5127 has been denied by the DHCP server 123.231.9.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
06-11-2011, 03:47 PM
Post: #4
RE: Continuous uploading to internet
Good! :)

Don't worry about the file age. ;)

I need more information about the following files:
C:\hiberfil.sys
C:\WINDOWS\ssndii.exe
C:\WINDOWS\treeskp.sys

So please try to upload them one by one to http://www.virustotal.com and, when each scan is finished, please post the links to the results here.

06-11-2011, 05:10 PM
Post: #5
RE: Continuous uploading to internet
Hi, :)

I tried to do as you instructed.

I couldn't scan the "C:\hiberfil.sys" file as its size is 374MB and the limit was 20MB. :(

I couldn't scan "C:\WINDOWS\ssndii.exe" file either as when I try to upload this, again an anonymous continuous upload is initiated. Here is the picture of my modem software showing the bandwidth consumption. (I tried twice)

[Image: 6318154141_f7640123e2.jpg]

And following is the response I get after the upload:
[Image: 6318180395_dda07a765f.jpg]


The only file I managed to scan is "C:\WINDOWS\treeskp.sys" and here is the link: http://www.virustotal.com/file-scan/repo...1320589933

I am really grateful and appreciate your help. Your help to me is invaluable.

Thanks. ;)
06-11-2011, 05:18 PM (This post was last modified: 06-11-2011 05:18 PM by Maniac.)
Post: #6
RE: Continuous uploading to internet
Quote: I couldn't scan "C:\WINDOWS\ssndii.exe" file either as when I try to upload this, again an anonymous continuous upload is initiated. Here is the picture of my modem software showing the bandwidth consumption. (I tried twice)

About this file, please try with http://www.virusscan.jotti.org . The procedure is similar to Virustotal.

Quote: I couldn't scan the "C:\hiberfil.sys" file as its size is 374MB and the limit was 20MB. :(

  • Open the Windows Control Panel
  • Double-click Power Options
  • Click the Hibernate tab, de-select the 'Enable hibernate support' check box, and then click Apply.
  • Restart your computer and hiberfil.sys should be automatically deleted (this is not always the case - simply delete it if Windows didn't do it for you).

When you finish, please turn it on, reboot and post a new fresh OTL log file with the link to the file analysis.

06-11-2011, 08:14 PM
Post: #7
RE: Continuous uploading to internet
Quote:
Quote: I couldn't scan "C:\WINDOWS\ssndii.exe" file either as when I try to upload this, again an anonymous continuous upload is initiated. Here is the picture of my modem software showing the bandwidth consumption. (I tried twice)

About this file, please try with http://www.virusscan.jotti.org . The procedure is similar to Virustotal.

Even this time the automatic updating of data was held throughout the process, but finally I got the response.
Here is the link: http://virusscan.jotti.org/en/scanresult...106a0cd565


Quote:
Quote: I couldn't scan the "C:\hiberfil.sys" file as its size is 374MB and the limit was 20MB. :(

  • Open the Windows Control Panel
  • Double-click Power Options
  • Click the Hibernate tab, de-select the 'Enable hibernate support' check box, and then click Apply.
  • Restart your computer and hiberfil.sys should be automatically deleted (this is not always the case - simply delete it if Windows didn't do it for you).

done.. it was automatically deleted..

Quote: When you finish, please turn it on, reboot and post a new fresh OTL log file with the link to the file analysis.

This time I didn't get the "Extras.txt" file. When I started the utility I saw that in the "Extra Registry" section "None" was selected by default. I can remember it was set to "Use SafeList" when I first ran it.

Anyway here is OTL.txt

I first ran the OTL utility and then got "C:\WINDOWS\ssndii.exe" analysed (in case the sequence is important)

======
OTL.txt
======


OTL logfile created on: 11/6/2011 11:17:26 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Manas\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

374.04 Mb Total Physical Memory | 87.80 Mb Available Physical Memory | 23.47% Memory free
904.71 Mb Paging File | 666.09 Mb Available in Paging File | 73.63% Paging File free
Paging file location(s): C:\pagefile.sys 564 1128 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.67 Gb Total Space | 1.66 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 11.79 Gb Total Space | 0.72 Gb Free Space | 6.12% Space Free | Partition Type: NTFS
Drive E: | 11.80 Gb Total Space | 4.51 Gb Free Space | 38.24% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Manas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 02:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
PRC - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/25 01:35:25 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/21 14:39:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/07 02:15:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/07 02:15:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/19 01:03:44 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/02 14:12:43 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2011/04/25 21:00:52 | 003,298,712 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/06/21 13:53:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/06/07 16:35:36 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/05/25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2004/08/04 04:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/05 15:47:17 | 001,608,192 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110502\algo.dll
MOD - [2011/11/03 22:12:38 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110502\aswRep.dll
MOD - [2011/10/28 19:35:28 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/10/28 19:35:28 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/28 19:35:26 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010/06/07 16:35:36 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
MOD - [2009/08/10 13:07:46 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp7ml3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/07 02:15:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/21 13:53:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/08 17:18:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2008/04/17 19:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2008/01/18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV - [2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/09/07 02:08:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/07 02:07:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/07 02:06:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/07 02:06:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/07 02:06:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/07 02:06:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/07 02:03:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/03/28 23:16:40 | 000,098,160 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/06/01 14:07:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/07 21:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/07/20 14:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/05/21 21:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/19 01:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/19 01:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Manas\Application Data\IDM\idmmzcc3 [2011/06/07 17:32:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Manas\Application Data\IDM\idmmzcc3 [2011/06/07 17:32:02 | 000,000,000 | ---D | M]

[2011/06/02 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Extensions
[2011/10/31 23:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions
[2011/06/17 21:34:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/10/31 23:26:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/06 00:52:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/10/31 23:26:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Manas\Application Data\Mozilla\Firefox\Profiles\bntoylew.default\extensions\piclens@cooliris.com
[2011/07/24 01:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/20 16:09:29 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/02 14:12:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2011/06/27 10:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/07/19 01:04:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BNTOYLEW.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BNTOYLEW.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
[2011/07/04 21:06:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/04 21:06:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8.2_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: ESPN Cricinfo = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: World Time Buddy = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj\4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\1.72_0\
CHR - Extension: Send from Gmail (by Google) = C:\Documents and Settings\Manas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Manas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Manas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/02 10:31:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/25 11:00:31 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 03:00:29 | 000,000,000 | ---D | C] -- D:\My Documents\Techmonkeys
[2011/11/06 02:57:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
[2011/11/04 17:46:15 | 000,000,000 | ---D | C] -- D:\My Documents\Diagnose
[2011/11/04 16:40:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Manas\Desktop\dds.scr
[2011/11/04 08:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Local Settings\Application Data\adaware
[2011/11/04 08:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/04 08:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/04 08:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\adawaretb
[2011/11/04 08:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/04 08:49:44 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/04 08:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/11/04 08:49:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/04 08:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/11/04 07:31:05 | 000,000,000 | R--D | C] -- D:\My Documents\Dropbox
[2011/11/04 07:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Start Menu\Programs\Dropbox
[2011/11/04 07:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\Dropbox
[2011/11/04 06:42:03 | 000,000,000 | ---D | C] -- D:\My Documents\HijackThis – Quick Start! What the Tech_files
[2011/11/02 00:18:01 | 000,000,000 | ---D | C] -- D:\My Documents\Contracts
[2011/10/30 14:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Application Data\skypePM
[2011/10/30 13:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/30 13:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/10/30 13:46:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/30 13:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/10/30 13:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manas\Start Menu\Programs\Revo Uninstaller
[2011/10/30 13:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/17 22:17:20 | 000,000,000 | ---D | C] -- D:\My Documents\Islamic Online University volanteer_files
[2011/10/16 23:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/10/15 22:37:02 | 000,000,000 | ---D | C] -- D:\My Documents\UYT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 23:14:16 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1682526488-854245398-1003.job
[2011/11/06 23:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/06 23:13:51 | 392,278,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 22:40:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-854245398-1003UA.job
[2011/11/06 22:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 22:12:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1682526488-854245398-1003.job
[2011/11/06 02:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manas\Desktop\OTL.exe
[2011/11/06 01:40:52 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-854245398-1003Core.job
[2011/11/05 02:27:10 | 000,000,206 | ---- | M] () -- C:\WINDOWS\POD.INI
[2011/11/04 16:41:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Manas\Desktop\dds.scr
[2011/11/04 08:49:49 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 07:31:05 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Dropbox.lnk
[2011/11/04 07:27:35 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/03 01:33:11 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Manas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 01:33:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Google Chrome.lnk
[2011/11/01 15:49:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/30 14:58:31 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/10/30 13:47:15 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/30 13:40:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Manas\Desktop\Revo Uninstaller.lnk
[2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/17 22:17:20 | 000,086,873 | ---- | M] () -- D:\My Documents\Islamic Online University volanteer.htm
[2011/10/17 16:53:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 23:11:41 | 392,278,016 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/04 08:49:49 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/04 07:31:05 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Manas\Desktop\Dropbox.lnk
[2011/11/04 07:27:34 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Manas\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/30 14:58:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/10/30 13:47:15 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/30 13:40:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Manas\Desktop\Revo Uninstaller.lnk
[2011/10/17 22:17:12 | 000,086,873 | ---- | C] () -- D:\My Documents\Islamic Online University volanteer.htm
[2011/07/26 15:19:38 | 000,484,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011/07/26 15:19:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp7ml3.dll
[2011/07/19 02:44:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011/07/19 02:44:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011/07/10 06:23:29 | 000,000,491 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/02 18:05:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Manas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/02 18:00:32 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2011/06/02 15:35:21 | 000,005,525 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/02 15:34:07 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/02 14:20:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\POD.INI
[2011/06/02 14:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 11:16:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/02 10:44:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 10:27:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/18 09:33:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2011/01/18 09:33:30 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[2011/01/18 09:33:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[2011/01/18 09:33:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[2004/08/04 04:37:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 17:50:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 15:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:30:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:30:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >
06-11-2011, 08:25 PM
Post: #8
RE: Continuous uploading to internet
Please uninstall Ad-Aware, reboot, and then make sure the avast! database is up to date, which means 111106-1, and perform a full system scan. Let me know if avast reports the problem again anywhere.

07-11-2011, 03:39 AM
Post: #9
RE: Continuous uploading to internet
(06-11-2011 08:25 PM)Maniac Wrote:  Please uninstall Ad-Aware, reboot, and then make sure the avast! database is up to date, which means 111106-1, and perform a full system scan. Let me know if avast reports the problem again anywhere.

I did as you instructed. And avast caught a virus:

[Image: 6320257855_2603765bb9.jpg]
07-11-2011, 10:19 AM
Post: #10
RE: Continuous uploading to internet
These are restore points (System Restore), old ones, so it is nothing serious. To clean them properly, please follow the instructions to turn System Restore off and then back on:
http://support.microsoft.com/kb/310405

Let me know.
