
Virus/Malware transferred via USB drive - Suspect Recycler



#1
mokhseinabd

Hello, I suspect I have transferred a malware/virus from a colleague's PC to my Laptop via a USB thumbdrive. After doing a search on the internet about people having similar symptoms, I think it may be what is being referred to as the "recycler" virus/malware.

I noticed the symptom on my USB thumbdrive that all image files which used to have the irfanview icon got changed to another unknown icon and the type of file was shown as "Application" instead of "Irfanview JPG file".

I have removed the USB drive from my Laptop but am afraid the problem has already been transferred to my Laptop.

Now I keep getting a message every now and then from the system tray saying that "You have files waiting to be written to the CD. To see the files now click this balloon". When I click the balloon I see the D drive showing an "autorun" file and a "Recycler" folder.

I have followed the steps in the Malware and Spyware Cleaning Guide and here are the results :

1. TFC done.

2. ERUNT done.

3. MBAM done.
Here is the log :
Malwarebytes' Anti-Malware 1.44
Database version: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/15/2010 9:17:20 AM
mbam-log-2010-02-15 (09-17-20).txt

Scan type: Quick Scan
Objects scanned: 191487
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\new folder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


4. GMER Rootkit Scanner :
Attempted but could not complete, because each time I tried suddenly in the middle of doing it the computer rebooted itself.

5. OTL logs are as follows :

OTL.txt is as follows :

OTL logfile created on: 2/15/2010 10:09:10 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Abah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 13.27 Gb Free Space | 18.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOKHSEIN
Current User Name: Abah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/15 10:06:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abah\Desktop\OTL.exe
PRC - [2010/02/12 06:26:24 | 001,611,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/02/12 06:26:24 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/02/12 06:26:24 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/02/06 02:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\IS360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe
PRC - [2009/11/20 13:51:34 | 002,335,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/25 05:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/24 21:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 21:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/01/02 05:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/12/20 06:55:17 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/05/24 18:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/24 18:21:28 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2006/05/01 09:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/05/01 09:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/05/01 09:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/08 11:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/13 02:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/12/13 02:41:08 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/12/13 02:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/11/15 19:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 19:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
PRC - [2005/07/23 10:33:48 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/02/23 15:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
PRC - [2004/12/01 17:07:20 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002/12/16 16:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2002/04/30 18:47:34 | 000,077,824 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBPRO.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/15 10:06:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abah\Desktop\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2006/05/24 18:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/13 02:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (VideoAcceleratorService)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2009/10/02 07:17:13 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/25 05:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/08 12:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 12:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 12:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/25 23:32:01 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/21 22:06:58 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\net3d.exe -- (Net3D)
SRV - [2009/01/12 16:23:31 | 000,000,000 | ---D | M] [Disabled | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/10 10:51:22 | 000,532,264 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/10 09:47:18 | 000,116,040 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/11 03:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/06 23:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/11/06 21:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/07/24 15:17:08 | 000,229,376 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/20 06:55:17 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/11/04 06:07:04 | 000,537,480 | R--- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/10/06 19:55:54 | 000,062,200 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\RaMaint.exe -- (LMIMaint)
SRV - [2006/10/06 19:55:16 | 001,622,768 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\LogMeIn.exe -- (LogMeIn)
SRV - [2006/09/29 09:18:00 | 000,266,343 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/05/24 18:21:28 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER) Intel®
SRV - [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/12/01 17:07:20 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.4
FF - prefs.js..keyword.URL: "http://search.speedb...asp?site=tb&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/02/01 09:17:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 17:55:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 09:40:48 | 000,000,000 | ---D | M]

[2008/07/03 22:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Mozilla\Extensions
[2010/02/10 23:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Mozilla\Firefox\Profiles\7erdy8i3.default\extensions
[2009/07/15 06:31:42 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\Abah\Application Data\Mozilla\Firefox\Profiles\7erdy8i3.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2008/01/26 11:33:42 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Abah\Application Data\Mozilla\Firefox\Profiles\7erdy8i3.default\searchplugins\aolsearch.xml
[2010/02/10 23:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/20 22:34:44 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
[2003/01/13 23:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files\Mozilla Firefox\plugins\npjp2.dll
[2008/03/27 02:22:37 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
[2006/07/31 16:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Traffic Bar by E-Business Tutor) - {F275EF20-1E52-47B8-98D3-0537A2EB8223} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Traffic Bar by E-Business Tutor) - {F275EF20-1E52-47B8-98D3-0537A2EB8223} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [MOKHSEIN̉] C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 89 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} https://www.uob.com.my/uob/index.jsp (Reg Error: Value error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcente...trolLite_EN.cab (DjVuCtl Class)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1245169154625 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://www.gamehouse.../DVCControl.cab (DVC Download Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game09.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...33.7/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} https://www.hasil.or...dcCertUtils.cab (dcCertUtils.clsOperation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - http://re3.mm-a4.yim...mage/1075500540
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Abah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Abah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\ansavgd: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\AutoRun\command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\Explore\Command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\Open\Command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\AutoRun\command - "" = 1.bat
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\explore\Command - "" = 1.bat
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\open\Command - "" = 1.bat
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\Auto\command - "" = KONOHAx.exe
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\AutoRun\command - "" = KONOHAx.exe
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\command - "" = KONOHAx.exe
O33 - MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\Shell\AutoRun\command - "" = qr.exe
O33 - MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\Shell\open\Command - "" = qr.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{74dbd0d6-86ea-11db-8fe7-0018de6a1b61}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\Shell - "" = AutoRun
O33 - MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\Shell\Auto\command - "" = E:\infrom.exe -- File not found
O33 - MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/14 19:30:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2010/02/15 10:06:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Abah\Desktop\OTL.exe
[2010/02/15 09:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abah\Desktop\gmer
[2010/02/15 09:02:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/15 09:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/14 13:53:06 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/02/13 06:38:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/13 06:38:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/13 06:38:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/13 06:38:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/13 06:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/13 06:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/13 06:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/13 06:02:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 06:02:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/13 05:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/13 05:18:14 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/13 05:18:14 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/13 05:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/13 04:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abah\Application Data\AVG8
[2010/02/12 20:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abah\Application Data\Malwarebytes
[2010/02/12 20:52:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/12 20:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/12 20:52:46 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/12 20:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/12 09:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abah\Desktop\USB_WORK FILES
[2010/02/12 05:39:55 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Abah\Application Data\Java
[2010/01/26 07:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/11/23 19:10:33 | 028,408,050 | ---- | C] (Web CEO Ltd. ) -- C:\Program Files\webceo.exe
[2009/11/06 17:18:55 | 006,097,532 | ---- | C] (Kappix ) -- C:\Program Files\DRoster_setup.exe
[2009/10/02 07:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/10/02 07:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/24 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/03/24 20:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/01/31 01:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2007/07/04 19:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/25 22:39:53 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2006/12/03 19:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/12/03 19:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/10/12 06:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/12 05:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/12 05:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/12 05:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/12 05:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/12 05:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/12 05:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/12 05:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/12 05:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/12 05:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/12 05:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2006/10/04 04:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/10/03 22:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/10/03 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/15 10:10:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4E09C448-5B89-456C-A96A-E05DDAAC3CA7}.job
[2010/02/15 10:06:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abah\Desktop\OTL.exe
[2010/02/15 10:04:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/15 10:02:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/15 10:02:16 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/15 10:02:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/15 10:02:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/15 09:34:05 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/02/15 09:29:07 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1997004556-3902810429-2234385630-1011UA.job
[2010/02/15 09:29:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/15 09:20:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\gmer.zip
[2010/02/15 09:04:21 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\Restore Registry.lnk
[2010/02/15 09:03:47 | 014,942,208 | ---- | M] () -- C:\Documents and Settings\Abah\ntuser.dat
[2010/02/15 09:01:23 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\NTREGOPT.lnk
[2010/02/15 09:01:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\ERUNT.lnk
[2010/02/15 08:12:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Abah\ntuser.ini
[2010/02/15 08:08:33 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\Malware and Spyware Cleaning Guide.url
[2010/02/14 22:58:45 | 000,000,940 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 22:58:45 | 000,000,331 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/14 22:58:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/14 22:50:37 | 001,703,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 22:47:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/14 22:46:56 | 000,562,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/14 22:46:56 | 000,483,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/14 22:46:56 | 000,088,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/14 18:29:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1997004556-3902810429-2234385630-1011Core.job
[2010/02/13 23:51:49 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\btefynlw.sys
[2010/02/13 15:54:40 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Abah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 11:54:48 | 008,717,860 | -H-- | M] () -- C:\Documents and Settings\Abah\Local Settings\Application Data\IconCache.db
[2010/02/13 06:44:02 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/13 06:12:51 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/13 05:18:14 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/12 20:52:53 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/12 17:55:23 | 000,063,328 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\Citibank_12Feb2010.pdf
[2010/02/12 17:55:20 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/02/11 23:17:28 | 000,020,929 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\PBVisa_11Feb2010.pdf
[2010/02/11 23:15:07 | 000,020,901 | ---- | M] () -- C:\Documents and Settings\Abah\Desktop\citibank_11Feb2010.pdf
[2010/02/11 00:16:53 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/09 12:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/05 19:47:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/02/05 18:30:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MOKHSEIN-Shyazana).job
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 09:20:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\gmer.zip
[2010/02/15 09:04:21 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\Restore Registry.lnk
[2010/02/15 09:01:23 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\NTREGOPT.lnk
[2010/02/15 09:01:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\ERUNT.lnk
[2010/02/15 08:08:33 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\Malware and Spyware Cleaning Guide.url
[2010/02/14 22:31:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/14 13:55:15 | 000,002,577 | ---- | C] () -- C:\WINDOWS\config.nt
[2010/02/14 13:55:15 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\config.bak
[2010/02/14 13:55:15 | 000,001,789 | ---- | C] () -- C:\WINDOWS\autoexec.nt
[2010/02/14 13:55:15 | 000,001,789 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
[2010/02/13 23:51:49 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\btefynlw.sys
[2010/02/13 06:44:02 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/12 20:52:53 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/12 17:55:20 | 000,063,328 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\Citibank_12Feb2010.pdf
[2010/02/11 23:17:27 | 000,020,929 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\PBVisa_11Feb2010.pdf
[2010/02/11 23:15:04 | 000,020,901 | ---- | C] () -- C:\Documents and Settings\Abah\Desktop\citibank_11Feb2010.pdf
[2010/01/27 17:49:20 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2010/01/27 17:49:20 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/01/27 17:43:39 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2010/01/27 17:42:37 | 000,017,076 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/01/07 02:27:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/07 08:48:43 | 000,000,150 | ---- | C] () -- C:\WINDOWS\Config.ini
[2009/09/15 02:58:19 | 000,212,992 | ---- | C] () -- C:\Program Files\CrucialScan.exe
[2009/06/20 23:01:40 | 009,577,800 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/03/15 17:07:28 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/03 00:04:11 | 000,024,877 | ---- | C] () -- C:\Documents and Settings\Abah\Application Data\CleanUp!.log
[2008/11/11 06:29:38 | 000,010,570 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2008/09/08 20:14:42 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/06 07:51:00 | 000,000,066 | ---- | C] () -- C:\WINDOWS\TLC_Pokemon_database.ini
[2008/09/06 07:43:09 | 000,000,083 | ---- | C] () -- C:\WINDOWS\TLC_pokemon_Data.ini
[2008/09/06 07:04:51 | 000,000,136 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/08/31 12:44:54 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2008/08/26 11:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/04/11 05:39:16 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/03/18 08:05:18 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/29 06:32:22 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/07/31 14:27:31 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Abah\Application Data\WavCodec.wff
[2007/05/25 22:50:54 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\C3C035E34F.sys
[2007/05/25 22:49:35 | 000,006,216 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/25 22:41:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/05/25 22:41:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/05/25 22:39:53 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/05/25 22:38:36 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/04/25 06:06:22 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Abah\Application Data\dm.ini
[2007/04/20 16:03:40 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/04/03 20:23:24 | 000,002,150 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/11 20:45:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Abah\Application Data\dvd.bmk
[2007/01/09 01:19:39 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/12/25 19:59:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2006/11/25 03:59:58 | 000,000,600 | ---- | C] () -- C:\Program Files\nvu.exe.lnk
[2006/10/31 22:18:19 | 000,030,309 | ---- | C] () -- C:\Program Files\adsense-deluxe_wp_plugin.zip
[2006/10/28 08:14:37 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/10/22 17:37:25 | 000,000,349 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/10/22 17:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/10/21 08:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/21 08:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/21 08:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/21 07:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/21 07:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/21 07:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/21 07:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/21 07:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/21 07:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/10/14 02:36:05 | 000,404,480 | ---- | C] () -- C:\Program Files\Dear_son_daughter.ppt.pps
[2006/10/14 02:05:13 | 000,000,423 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/10/14 02:05:13 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/10/14 02:05:13 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/10/14 02:04:19 | 000,000,948 | ---- | C] () -- C:\WINDOWS\EBHTMLCP.INI
[2006/10/13 13:40:26 | 000,001,159 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/12 00:01:54 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Abah\Application Data\$_hpcst$.hpc
[2006/10/09 19:00:35 | 000,318,775 | ---- | C] () -- C:\Program Files\CleanUp40.exe
[2006/10/07 08:29:54 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Abah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/04 02:18:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/10/04 02:18:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/10/04 02:10:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/10/04 02:10:24 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/03 22:05:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Abah\Local Settings\Application Data\fusioncache.dat
[2006/09/30 03:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/30 02:54:32 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/30 02:53:57 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/30 02:50:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/30 02:19:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/30 02:17:32 | 000,000,300 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/24 09:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ARAudioTransform2.dll
[2006/09/24 09:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ARAudioPlayer2.dll
[2006/09/24 09:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ARAudioCDGrabber2.dll
[2006/09/24 09:54:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/24 09:53:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2006/09/22 19:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/09/06 18:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/08/09 03:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/05/24 18:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/25 03:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/20 08:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 18:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mwigacc32.dll
[2003/04/29 11:08:20 | 001,112,526 | ---- | C] () -- C:\Program Files\install.exe
[2003/04/18 18:14:22 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\NCTDiscRipper.dll
[2003/04/18 17:44:52 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\NCTDiscWriter.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2007/11/20 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Ace
[2009/11/29 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Affilorama
[2008/02/28 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Aveyond II
[2010/01/07 02:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Canneverbe_Limited
[2009/03/09 15:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Canon
[2006/10/26 09:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Datalayer
[2009/12/01 02:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Domain Name Analyzer v4.1
[2009/05/06 23:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\DriverCure
[2008/02/26 20:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\EbkReader
[2008/01/02 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Gaijin Ent
[2008/08/25 20:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Gamelab
[2009/06/12 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\GetRightToGo
[2007/12/09 20:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Good Keywords v2
[2009/05/05 22:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Graboid Inc
[2007/12/28 15:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Home Sweet Home
[2010/01/16 03:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\IBP
[2008/10/16 20:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\iMesh
[2009/06/22 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Inbit
[2009/02/02 11:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\InfraRecorder
[2009/05/23 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\IObit
[2006/12/03 00:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\IrfanView
[2007/11/01 10:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Jane s Hotel
[2010/02/14 23:40:24 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Abah\Application Data\Java
[2007/02/11 09:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Kybtec Software
[2008/11/01 20:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Laplink
[2006/10/25 08:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Leadertech
[2006/11/26 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\LimeWire
[2008/06/15 20:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Ludia
[2007/02/11 09:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\MipKukSoft
[2006/10/26 10:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Nokia
[2008/08/19 21:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Nvu
[2008/03/20 12:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Oberon Games
[2009/08/13 22:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\OfficeUpdate12
[2008/10/31 17:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\OpenOffice.org
[2009/05/03 01:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Palo Alto Software Inc
[2006/10/04 02:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\pdf995
[2008/07/30 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\PlayFirst
[2010/01/19 20:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Research In Motion
[2010/01/25 23:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\RIM Palm&PPC Upgrade Wizard
[2007/07/29 15:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Sandlot Games
[2007/12/25 13:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\ScanSoft
[2007/12/09 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Softnik Technologies
[2010/02/01 09:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Toolbar4
[2009/04/25 15:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Uniblue
[2009/01/29 00:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\uTorrent
[2008/03/20 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\Valusoft
[2008/06/15 19:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\ViquaSoft
[2009/09/05 07:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\VoipStunt
[2009/07/06 00:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\XMind
[2009/01/12 16:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\yoclient
[2009/04/08 03:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abah\Application Data\YouSendIt
[2010/02/14 23:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/10/07 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2010/01/07 02:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2007/12/11 00:31:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/09 01:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/07 21:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/09 11:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/03/27 02:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/06/03 20:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/05/01 10:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008/01/02 11:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/01/22 16:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/05 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/08/19 20:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/10/20 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/01/22 17:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2008/06/15 20:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2007/02/11 09:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2008/04/18 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/11/19 17:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/01/26 08:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/05/06 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/02/12 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/07/13 13:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/12 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2010/01/19 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/09/22 10:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/04/19 20:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/13 13:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2006/11/26 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2009/11/11 01:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2009/12/25 15:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/20 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/15 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/06/20 23:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/09/07 11:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/25 15:00:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010/02/15 09:34:05 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/02/05 19:47:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/04/18 01:01:18 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2010/02/15 10:10:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4E09C448-5B89-456C-A96A-E05DDAAC3CA7}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/25 06:59:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/25 06:59:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/25 06:59:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/25 06:59:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 18:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 18:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/12 00:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/17 08:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 18:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/18 02:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/15 03:13:35 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/14 19:01:53 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/01/15 03:13:35 | 029,884,416 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/15 03:13:37 | 006,029,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA46F44F
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBCF563D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9414241D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:669764DD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1EA8A42
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAD7A5D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:126591AF
< End of report >


Extras.txt is as follows:

OTL Extras logfile created on: 2/15/2010 10:09:10 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Abah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 13.27 Gb Free Space | 18.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOKHSEIN
Current User Name: Abah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU Networks)
"C:\Program Files\homeMessenger\homemsngr.exe" = C:\Program Files\homeMessenger\homemsngr.exe:*:Enabled:homemsngr -- ()
"C:\Program Files\IBP 9\IBP.exe" = C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando -- (Pando Networks)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Harits\Desktop\stuff\utorrent.exe" = C:\Documents and Settings\Harits\Desktop\stuff\utorrent.exe:*:Enabled:Torrent -- ()
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\IBP 10\IBP.exe" = C:\Program Files\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\AV-CLS\WGET.EXE" = C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02F90E10-F89C-11DC-6784-1F310BBF18BE}" = TaxSaya
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{280A2E19-00DC-43C5-AE10-33ED8EF6A79D}" = SmartFTP Client
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48C1F7C8-FFE0-4FA4-8968-4B9C8EEF2954}" = Proxy P2P
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.07
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{626F5150-0656-4337-B401-F08EEE0D3FF3}" = Palo Alto Software MiniPlan
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry Media Sync
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6CD08FEA-D8C4-4543-B50C-CB3D4D34E4B0}" = VideoWebWizard
"{6D3EED1C-F3DE-4A2E-B4D6-F9D22A3CF914}" = CWFREE
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E267359-C0B3-4F12-B8BB-706F5DEAD241}" = Gogglebox TV
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111322673}" = SpongeBob Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111438590}" = Virtual Villagers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8905BA90-88E7-4E4F-91DF-6B01B4AAC188}" = OBB- Online Business Builder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}" = URGE
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF3AA081-81E8-47BC-B995-4DD86128AD02}" = IP Works
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C7EC0699-D82C-4451-B701-C98C330D43AF}" = hp deskjet 3500
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = PCsync
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E4D4A72D-64F6-419F-BD09-2194DA65E029}" = Big Tut
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC26CFC9-E801-4E90-B139-769D3CB1B01B}" = Gantt Designer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced HTML Optimizer_is1" = Advanced HTML Optimizer version 3.3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Affiliate Pro Machine_is1" = Affiliate Pro Machine
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ahriman's Prophecy" = Ahriman's Prophecy
"Airport Mania - First Flight" = Airport Mania - First Flight (remove only)
"Aveyond" = Aveyond (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BFG-Aveyond 2" = Aveyond 2
"BFGC" = Big Fish Games Client
"BFG-Cooking Academy" = Cooking Academy
"BFG-Go-Go Gourmet" = Go-Go Gourmet
"BFG-Hells Kitchen" = [bleep]'s Kitchen
"BFG-Home Sweet Home" = Home Sweet Home
"BFG-Jojo's Fashion Show" = Support Version - JFS
"BFG-Pet Pals - New Leash on Life" = Pet Pals: New Leash on Life
"BFG-Wild Thornberrys Australian Wildlife Rescue" = Wild Thornberrys Australian Wildlife Rescue
"BK ReplaceEm" = BK ReplaceEm 2.0
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Build-a-lot" = Build-a-lot (remove only)
"Burger Island" = Burger Island (remove only)
"Burger Rush" = Burger Rush
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Cake Mania" = Cake Mania (remove only)
"Cake Mania 2" = Cake Mania 2 (remove only)
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"CUEcards 2000" = CUEcards 2000
"Dairy Dash" = Dairy Dash (remove only)
"Delicious Deluxe" = Delicious Deluxe
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Destiny Media Player" = Destiny Media Player
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go (remove only)
"Diner Dash 2" = Diner Dash 2 (remove only)
"Directory Submitter_is1" = Directory Submitter 1.0.24
"Disney's Toontown Online" = Disney's Toontown Online
"Domain Name Analyzer v4_is1" = Domain Name Analyzer v4.1.022207
"Dr. Seuss Preschool" = Dr. Seuss Preschool
"EADM" = EA Download Manager
"Easy Ebook Creator " = Easy Ebook Creator
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EBookCreator" = EBookCreator
"ERUNT_is1" = ERUNT 1.1j
"EXPStudio Audio Editor FREE 4.0" = EXPStudio Audio Editor FREE 4.0
"Family Feud" = Family Feud (remove only)
"Feeding Frenzy" = Feeding Frenzy
"FLVPlayer" = FLV Player 1.3.3
"Free Cloaker_is1" = Free Cloaker
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.5.3
"FreeAccounting_1.0" = Free Accounting 2.0.0
"Game Booster_is1" = Game Booster
"GanttProject" = GanttProject
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Good Keywords v3_is1" = Good Keywords v3 072809
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoogleAdwordsBuzz_is1" = GoogleAdwordsBuzz v2.0
"Graboid Video" = Graboid Video 1.5
"homeMessenger" = homeMessenger (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HyperVRE_is1" = HyperVRE 1.8
"IBP10_is1" = IBP 10.3
"IBP9_is1" = IBP & ARELIS 9.5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"igLoader" = igLoader
"Imation Disk Manager II Service" = Imation Disk Manager II Service
"iMesh" = iMesh
"Inbit Messenger" = Inbit Messenger (Remove Only)
"Indo Cleaner 2008_is1" = Indo Cleaner 2008
"InfraRecorder" = InfraRecorder
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"InstallShield_{6D3EED1C-F3DE-4A2E-B4D6-F9D22A3CF914}" = CWFREE
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Instant Buzz" = Instant Buzz (remove only)
"IObit Security 360_is1" = IObit Security 360
"iOrgSoft Mod Converter" = iOrgSoft Mod Converter 3.3.8
"IrfanView" = IrfanView (remove only)
"Jezzball Deluxe" = Jezzball Deluxe
"Jojos Fashion Show 2 - Las Cruces" = Jojos Fashion Show 2 - Las Cruces (remove only)
"JPEG2000 Mozilla Plug In" = Morgan JPEG2000 Mozilla Plug In
"Jr. Astronaut_is1" = Jr. Astronaut 1.0
"Jr. Dinosaur Hunter_is1" = Jr. Dinosaur Hunter 1.0
"Jr. Fashion Designer_is1" = Jr. Fashion Designer 1.0
"Jr. Vet Demo_is1" = Jr. Vet Demo 1.0
"Jr. Vet_is1" = Jr. Vet 1.0
"Kea Coloring Book_is1" = Kea Coloring Book Version 2.3.2
"Kitty Luv_is1" = Kitty Luv
"Lemonade Tycoon 2" = Lemonade Tycoon 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathematics Year 2 MyCD Part 1" = Mathematics Year 2 MyCD Part 1
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mind Pad_is1" = Mind Pad 2.6
"MIXERLITE" = Mixer
"Monopoly - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"No Right Click_is1" = No Right Click version 1.01
"Nvu_is1" = Nvu 1.0
"Orb" = Winamp Remote
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Pet Pals Animal Doctor" = Pet Pals Animal Doctor (remove only)
"PetzPlayer" = PetzPlayer
"PhotoFiltre" = PhotoFiltre
"Picasa2" = Picasa 2
"Ping Plotter Freeware" = Ping Plotter Freeware
"PingPlotter Standard" = PingPlotter Standard 3.30.0s
"Pixel Chix Desktop" = Pixel Chix Desktop 1.0
"Pizza Frenzy" = Pizza Frenzy
"Pokmon Edu Series" = Pokmon Edu Series
"Profit Protector_is1" = Profit Protector v1.0
"ProInst" = Intel® PROSet/Wireless Software
"Project Engine Personal_is1" = Project Engine Personal 2007:2
"Puppy Luv" = Puppy Luv (remove only)
"Puppy Luv a New Breed" = Puppy Luv a New Breed (remove only)
"Reader Rabbit Thinking Adventures Ages 4-6" = Reader Rabbit Thinking Adventures Ages 4-6
"RealPlayer 12.0" = RealPlayer
"RQ Search and Replace_is1" = RQ Search and Replace 1.82
"Rrirjw32.exe" = Reader Rabbit's Interactive Reading Journey 1
"SadMan Software: ConvertEasy_is1" = SadMan Software: ConvertEasy V1.0
"Sally's Salon" = Sally's Salon (remove only)
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Security Task Manager" = Security Task Manager 1.7d
"SEOSurf_is1" = SEOSurf v 0.7.0
"Shop for HP Supplies" = Shop for HP Supplies
"Signature995" = Signature995
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Software Designer Pro_is1" = SoftwareDesignerPro 2.0
"Source Preview Handler_is1" = Source Preview Handler 1.0
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = #1 ACE
"ST6UNST #2" = MailsBroadcast
"ST6UNST #3" = Science Year 1 MyCD
"ST6UNST #6" = Online Shop Creator 5.1
"Supple" = Supple (remove only)
"Supple -- Episode 1" = Supple -- Episode 1 (remove only)
"SWiSH Max2" = SWiSH Max2
"Switch" = Switch Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tales of Pirates Online_is1" = Tales of Pirates Online 1.37
"TBSB09144.TBSB09144Toolbar" = Free Traffic Bar by E-Business Tutor
"The Sims Online" = The Sims Online
"TheDeanReportCloaker_is1" = TheDeanReportCloaker
"TradeManager" = TradeManager
"Traffic Travis_is1" = Traffic Travis 3.1.12
"Turbo Pizza" = Turbo Pizza (remove only)
"TVUPlayer" = TVUPlayer 2.2.1.23 Beta
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"URLToysPerlSA" = URLToys For Perl SA (Remove only)
"VisualRoute Lite Edition" = VisualRoute Lite Edition
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VoipStunt_is1" = VoipStunt
"Volutive 1" = Volutive 1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCEO70_is1" = Web CEO 8.0
"WebColor 1.0_is1" = WebColor 1.0
"webwizard" = TheWebWizard
"Wedding Dash" = Wedding Dash (remove only)
"Wedding Dash 2 - Rings Around the World" = Wedding Dash 2 - Rings Around the World (remove only)
"WETCable" = Windows Easy Transfer
"Winamp" = Winamp
"WinASO Registry Optimizer 4.2_is1" = WinASO Registry Optimizer 4.2
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Flash to Zune Converter_is1" = Wondershare Flash to Zune Converter(Build 1.0.0.0)Trial Version
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Your SpongeBob Diner Dash 2 - Two Times the Trouble" = Your SpongeBob Diner Dash 2 - Two Times the Trouble
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burn4free" =
"Google Chrome" = Google Chrome
"Pixie" = Pixie 3.1 (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2010 9:56:12 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 9:56:12 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 9:56:23 PM | Computer Name = MOKHSEIN | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket Info: Bind failed on TCP port 1433.

Error - 2/14/2010 9:56:23 PM | Computer Name = MOKHSEIN | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 2/14/2010 10:02:15 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 10:02:15 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 10:02:15 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 10:02:15 PM | Computer Name = MOKHSEIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2010 10:02:33 PM | Computer Name = MOKHSEIN | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket Info: Bind failed on TCP port 1433.

Error - 2/14/2010 10:02:33 PM | Computer Name = MOKHSEIN | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

[ System Events ]
Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:04:17 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:07:06 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:07:09 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:13:09 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/14/2010 10:17:19 PM | Computer Name = MOKHSEIN | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


Coincidentally I made the mistake of inserting a clean USB drive into my Laptop after MBAM had done its work, but immediately saw symptoms of the new USB drive also becoming infected as all images that I transferred from the Laptop to the USB drive immediately became shown as "Application" with some unknown icon.

Appreciate any help to solve this problem. Thank you.
  • 0
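Added example, not part of the thread and not OTL's own code: OTL logs like the one posted above report Image File Execution Options Debugger values as O27 lines and per-volume MountPoints2 shell commands as O33 lines, and this parser marks the entries that redirect a program launch or attach a command to a volume. The sample lines, GUIDs and file names are constructed placeholders, and the helper names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format OTL prints; GUIDs and file names are placeholders.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O27 - HKLM IFEO\egui.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - rundll32.exe (Microsoft Corporation)
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = example.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\open\Command - "" = example.exe
O33 - MountPoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\Shell\AutoRun - "" = Auto&Play
"""

# O27: "<hive> IFEO\<image>: Debugger - <command> (<company of the debugger binary>)"
IFEO_RE = re.compile(
    r'^O27 - (?P<hive>HKLM|HKCU) IFEO\\(?P<image>[^:]+): Debugger - '
    r'(?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$'
)
# O33: "MountPoints2\{volume GUID}\Shell\...<key> - "" = <default value>"
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\(?P<key>Shell.*?)'
    r' - "" = (?P<value>.*)$'
)


@dataclass
class Finding:
    kind: str        # "IFEO" or "MountPoints2"
    target: str      # image name (IFEO) or shell key path (MountPoints2)
    command: str     # value Windows would act on
    flagged: bool    # True when the entry needs review
    reason: str
    volume: str = "" # volume GUID, MountPoints2 only


def parse_line(line):
    """Return a Finding for an O27/O33 line, or None for anything else."""
    line = line.strip()
    m = IFEO_RE.match(line)
    if m:
        # With a Debugger value set, Windows starts that command (image path
        # appended) instead of the program, so the program itself never runs.
        return Finding("IFEO", m["image"], m["cmd"], True,
                       "launches of this image are redirected to the Debugger command")
    m = MOUNT_RE.match(line)
    if m:
        # Only keys ending in \command hold a command line; other keys under
        # Shell hold the default verb name or a menu label such as "Auto&Play".
        is_cmd = m["key"].lower().endswith("\\command")
        reason = ("cached shell command for this volume" if is_cmd
                  else "verb name or menu label, not a command")
        return Finding("MountPoints2", m["key"], m["value"], is_cmd, reason, m["guid"])
    return None


def triage(lines):
    """Parse every line and keep the O27/O33 entries in log order."""
    return [f for f in map(parse_line, lines) if f is not None]


def flagged_volumes(findings):
    """Volume GUIDs that have at least one cached shell command."""
    return sorted({f.volume for f in findings if f.kind == "MountPoints2" and f.flagged})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        mark = "REVIEW" if f.flagged else "ok"
        print(f"[{mark}] {f.kind} {f.volume} {f.target} -> {f.command} ({f.reason})")
    print("Volumes with cached commands:", flagged_volumes(triage(SAMPLE_LOG.splitlines())))
```

A flagged IFEO entry is a prompt for review rather than proof of infection, since developers and some tools set Debugger values deliberately.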



#2
RKinner


    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
PRC - [2009/07/25 05:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/24 21:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 21:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe
O3 - HKLM\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free Traffic Bar by E-Business Tutor) - {F275EF20-1E52-47B8-98D3-0537A2EB8223} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Free Traffic Bar by E-Business Tutor) - {F275EF20-1E52-47B8-98D3-0537A2EB8223} - Reg Error: Value error. File not found
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [MOKHSEIN̉] C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O27 - HKLM IFEO\ansavgd: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - cmd.exe /c del /f /q (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\AutoRun\command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\Explore\Command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\Shell\Open\Command - "" = RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??Coih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o?
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\AutoRun\command - "" = 1.bat
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\explore\Command - "" = 1.bat
O33 - MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\Shell\open\Command - "" = 1.bat
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\Auto\command - "" = KONOHAx.exe
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\AutoRun\command - "" = KONOHAx.exe
O33 - MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\Shell\command - "" = KONOHAx.exe
O33 - MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\Shell\AutoRun\command - "" = qr.exe
O33 - MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\Shell\open\Command - "" = qr.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{74dbd0d6-86ea-11db-8fe7-0018de6a1b61}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\Shell - "" = AutoRun
O33 - MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\Shell\Auto\command - "" = E:\infrom.exe -- File not found
O33 - MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\Shell\AutoRun - "" = Auto&Play
[2010/02/05 18:30:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MOKHSEIN-Shyazana).job

:Files
C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe
C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

#3
mokhseinabd

    Member

  • Topic Starter
  • 28 posts
Dear Mr Kinner,

Thanks very much for the instructions given. I have followed the steps as given by you and here are the results:

1. OTL log :

All processes killed
========== OTL ==========
No active process named jqs.exe was found!
No active process named ϝshimgvwʅ.exe was found!
No active process named ߙJviewʚ.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F275EF20-1E52-47B8-98D3-0537A2EB8223} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F275EF20-1E52-47B8-98D3-0537A2EB8223}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F275EF20-1E52-47B8-98D3-0537A2EB8223} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F275EF20-1E52-47B8-98D3-0537A2EB8223}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jre͸ deleted successfully.
C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MOKHSEIN̉ deleted successfully.
C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd\ deleted successfully.
C:\WINDOWS\System32\cmd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\ deleted successfully.
C:\WINDOWS\System32\rundll32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunme.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blastclnn.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blastclnnn.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe\ deleted successfully.
File rundll32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ise32.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\ deleted successfully.
File rundll32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nbrowser.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\New Folder.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_login.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_tray.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npcsvc32.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npflgutl.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfports.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfrules.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfsvc32.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfuser.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfwiz.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprosec.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nuaa.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoa.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvcsched.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvoy.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reg32.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtpsvc.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scsaver.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSCVIHOST.exe\ deleted successfully.
File cmd.exe /c del /f /q not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe\ deleted successfully.
File rundll32.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ not found.
File RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??C oih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o? not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ not found.
File RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??C oih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o? not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ca6b66a-55d3-11de-99e1-0015c56a9851}\ not found.
File RCYCLER\thumbs.db ;i???????)AE?{cc???B??N?????u?Ao-?Iga???U_R??gi??LP?rMO'??n??FiW??g?-h?}AZA?????U?UhU?s??;??`???D?U?0#???Cc?O??!??U??il??jg??C oih??s'Uu??y??&??A?gY???GoUa????L????\>??qW?N??cuSU???nO?OU?l?E?E?o? not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
File 1.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
File 1.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dc4525-5f0d-11dd-96bf-0018de6a1b61}\ not found.
File 1.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
File KONOHAx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
File KONOHAx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55df3ce0-3aa2-11de-9989-0015c56a9851}\ not found.
File KONOHAx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c5270f4-8657-11de-9a5c-0015c56a9851}\ not found.
File qr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c5270f4-8657-11de-9a5c-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c5270f4-8657-11de-9a5c-0015c56a9851}\ not found.
File qr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c6dd262-1f12-11dc-9222-0018de6a1b61}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74dbd0d6-86ea-11db-8fe7-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74dbd0d6-86ea-11db-8fe7-0018de6a1b61}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{943bba20-313a-11de-9963-0015c56a9851}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{943bba20-313a-11de-9963-0015c56a9851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{943bba20-313a-11de-9963-0015c56a9851}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead2a2ae-6c02-11db-8f5b-454e45544531}\ not found.
File E:\infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ead2a2ae-6c02-11db-8f5b-454e45544531}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead2a2ae-6c02-11db-8f5b-454e45544531}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\ not found.
File infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f40fda9c-bce0-11db-90bb-0018de6a1b61}\ not found.
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MOKHSEIN-Shyazana).job moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Abah\Application Data\Java\ߙJviewʚ.exe not found.
File\Folder C:\Documents and Settings\Abah\Application Data\Java\ϝshimgvwʅ.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Abah
->Temp folder emptied: 20895911 bytes
->Temporary Internet Files folder emptied: 5301664 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 51528789 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ani
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harits
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nasleha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Shyakina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Shyamimi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Shyazana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 250516 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02182010_084829

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2. MBAM log :

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/18/2010 11:24:07 AM
mbam-log-2010-02-18 (11-24-07).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 445690
Time elapsed: 1 hour(s), 56 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 397

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\CD92-130-CI-Failure\P7010081.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-1.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-2.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-3.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0751.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0754.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0757.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0770.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0980.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0982.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0985.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0264.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0603.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0604.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0605.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0606.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0607.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0608.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0278.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0301.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0960.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0976.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\SESB_ARL_Dispatch_2008\Compilation for SESB Meeting\Plant Layout.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Directors Resolution.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Signature Scans\gmd_signature.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Signature Scans\ma_signature.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Agreements\NOTICES_OF_REASSIGNMENT_CLEAN COPIES\Notice of Reassignment - FSA, Fuel Oil Tank Agmt_17Dec2009.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\RCYCLER\thumbs.db (Net.Worm) -> Quarantined and deleted successfully.
E:\Chats\Y. Bhg. Datuk Hj Abdul Razak Latiff - chat_files\cleardot.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Computer\Putrajaya Office LAN\Lan setup 1.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Computer\Putrajaya Office LAN\Lan setup 2.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\Namecard-Tran.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\Namecard-Tran_sample.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\PETCO logo.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\petronas-jet-a1-500x300.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\SUPPLIERS\Serene Quest\Singapore Oil Office.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\SUPPLIERS\Omega Energy SCO\Official_Mandate_Certificate2008.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\PICS\Lake-Hanoi_01.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\PETCO\image001.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\FUEL EXPORT\International Trade Procedures\xxdiagram_itsi_719x934.exe (Net.Worm) -> Quarantined and deleted successfully.
E:\Geran Tanah\Geran Tanah - Norleha Posro 4.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\RCYCLER\thumbs.db (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\00000p1298844frontgk8.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\05-30-2007 10;25;38AM.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\05-30-2007 10;28;55AM.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\05-30-2007 10;30;15AM.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\07-19-2008 06;21;39PM.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\aik mane turtle tuuu.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Amamah_Harits_Mimi_Kina.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\DSC00457.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\DSC00464.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\DSC00525.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\DSC00526.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Harits Northumbria Details.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\IMAGE_00454.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\MA signature.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\ma_signature.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Abah_1993_HolidaySomewhere.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Abah_1993_WangsaMelawati.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Harits_1993_Kindergarten.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Harits_1994_WangsaMelawati.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Harits_1994_WangsaMelawati_02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\Mimi_Mama_1993_HolidaySomewhere.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\tender_direct_payment.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\armanee\catalog01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Scans\armanee\catalog02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Form_EM-R001.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Quote_Ceiling_Alfred_Yap_14May2007.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Tile_Code_for_ZL-170[1].exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\CassiusVilla_Paint.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\Floor_Trap_Defect.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00707.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00708.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00709.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00710.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00711.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00712.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00713.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00714.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00715.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00718.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\PIX\IMAGE_00719.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\New House_Drawings for MBSA\Front02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\New House_Drawings for MBSA\left01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\New House_Drawings for MBSA\Rear02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\New House_Drawings for MBSA\Right01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\1st_Floor.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\elevation.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\elevation_2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\Grnd Floor.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\planter dtl.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\House Plans\section.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Defects\200712250902_00004.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Defects\IMAGE_00902.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Defects\IMAGE_00903.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Contractor Forms\page-0001.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Contractor Forms\page-0002.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Setia Ecopark_Cassius Villa\Contractor Forms\page-0003.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\TOGP\ASEAN_GAS_PIPELINE_2007.28545442_large.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\TOGP\workontransasean.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Chats\Y. Bhg. Datuk Hj Abdul Razak Latiff - chat_files\cleardot.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Computer\Putrajaya Office LAN\Lan setup 1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Computer\Putrajaya Office LAN\Lan setup 2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\Namecard-Tran.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\Namecard-Tran_sample.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\PETCO logo.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\petronas-jet-a1-500x300.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\SUPPLIERS\Serene Quest\Singapore Oil Office.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\SUPPLIERS\Omega Energy SCO\Official_Mandate_Certificate2008.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\PICS\Lake-Hanoi_01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\PETCO\image001.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\FUEL EXPORT\International Trade Procedures\xxdiagram_itsi_719x934.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\HomeCall VoIp Project Plan.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\ConnectionDiagram.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\headset.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\Mobile Phone.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\PDA.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\softphone.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\Images\WiFi Phone.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\HUTCHISON\AIMS_buterfly.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\VoIP Devt\DUE DILIGENCE REPORT\VoIP_Interface.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Technology_IP_Acquisition\For Submission\Project Timeline.Gnt.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\smkts.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart School\Ipoh Smart School1_raster.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart School\lt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart School\lt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart School\rt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart School\rt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart Community\Ipoh Smart Community1_raster.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart Community\lt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart Community\lt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart Community\rt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\MBI e_education\Ipoh Smart Community\rt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\0.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\7.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\82.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\9.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\arrow.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\attach.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\berita.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\bg.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\bullet.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\cari.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\click.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\colour.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\cuaca.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\dot.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\dotted.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\dotting.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\golf.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\greyarrow.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\hc_power.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\jawatankuasa.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\left_button.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\masuk.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\mpsj.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\pengumuman.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\redarrow.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\seruan.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\solat.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\spacer.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\tambah.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\top.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\top_bg.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\undian.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\zon1_files\viewbanner.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\0.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\7.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\82.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\9.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\arrow.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\bg.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\cari.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\click.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\colour.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\cuaca.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\dot.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\dotted.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\dotting.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\golf.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\hc_power.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\jawatankuasa.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\left_button.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\masuk.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\mpsj.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\redarrow.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\solat.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\spacer.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\tambah.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\top.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\top_bg.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\undian.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\carta_files\viewbanner.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\- Jawatan Kuasa Penduduk Majlis Perbandaran Subang Jaya_files\main.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\JKP\- Jawatan Kuasa Penduduk Majlis Perbandaran Subang Jaya_files\spacer.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\126.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\82.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\applikasi(1).exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\applikasi.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\bg_middle.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\bg_right.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\bg_tool.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\calendar1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\chat1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\date.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\forum1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\header.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\l3.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\mail1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\notice1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\pengumuman.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\pengumuman_bg.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\postcard1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\powered.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\HomeComm General\cyberschool\Sekolah Menengah Kebangsaan SS17, Subang Jaya_files\rite_curve.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg PLC\Broadband Bldg PLC1_raster.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg PLC\lt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg PLC\lt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg PLC\rt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg PLC\rt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg Ethernet LAN\BB Bldg1_raster.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg Ethernet LAN\lt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg Ethernet LAN\lt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg Ethernet LAN\rt_off.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\HomeComm Presentations\BB Bldg Ethernet LAN\rt_over.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\INFO.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\LAST.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\NEXT.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\PPTANI.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\PREV.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\SPACE.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\HOMECOMM\Presentations\cyberscool_presentation\SMKSS17 Presentation\Cyberschool SMKSS17\TEXT.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\DG#3 Rpt.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\skid tank.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Wartsila Documentation_Reports\Images_Melawa_26Jan2010\DG1 nozzle and valve failure.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Wartsila Documentation_Reports\Images_Melawa_26Jan2010\Engine Oil leakages.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Wartsila Documentation_Reports\Images_Melawa_26Jan2010\Engine view.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Wartsila Documentation_Reports\Images_Melawa_26Jan2010\Exh Manifold Cracked.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Wartsila Documentation_Reports\Images_Melawa_26Jan2010\HFO Purifier leakages.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\CI_MFO_Leakage_01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\CI_MFO_Leakage_02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\CI_MFO_Leakage_03.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\P6030037.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\P6030038.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\P6030039.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\P6030040.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\CI Location.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\Existing beams.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\Pump Foundation1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\Pump Foundation2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\SR-IL floor beam support.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\SR-IL floor beam support1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\SR-IL floor beam support2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Installation Pix\Visit 7 July 2009\Visit_to_ARL_on_7-7-09\SR-IL floor beam support3.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\CI_AfterHeater_BeforeHomogenizer.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\CI_FromHeater_01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\CI_OutletToEngine_ValvePosition.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\P6030037.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\P6030038.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\P6030039.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\P6030040.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\SR_Ready01.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\Homogenizer Pix\SR_Ready02.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Under Modification\IMG_0576.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Under Modification\IMG_0577.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Under Modification\IMG_0578.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Under Modification\IMG_0579.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Before\IMG_0241.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Before\IMG_0296.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Before\IMG_0297.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Before\IMG_0421.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\Before\IMG_0425.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0584.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0585.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0586.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0587.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0588.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0590.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0591.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0592.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0596.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0597.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\SRIL-Pipe Support\After\IMG_0598.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Serudong-Base Foundation\CD92-SRIL\IMG_0028.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Serudong-Base Foundation\CD92-CI\IMG_0022.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Serudong-Base Foundation\CD92-CI\IMG_0023.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\Re-installation\IMG_0566.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\Re-installation\IMG_0567.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\Re-installation\IMG_0568.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\Re-installation\IMG_0569.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-1(Single Sling).exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-3.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-4(CD92 Dropped on Concrete Flr).exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-5(Double Sling).exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-6.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\Handling\CD92-Dropped\Lifting.View-7.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\CD92-130-CI-Failure\P7010079.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\CD92-130-CI-Failure\P7010080.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\CD92-130-CI-Failure\P7010081.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-1.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-2.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\Drip Pan Was Not Mounted\Drip Pan not bolted to floor.View-3.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0751.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0754.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0757.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0770.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0980.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0982.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\2nd Comm-23-06-09\IMG_0985.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0264.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0603.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0604.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0605.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0606.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0607.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-SRIL\1st Comm-15-06-09\IMG_0608.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0278.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0301.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0960.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\S_I_T_Heavy_Oil_Homogenizer\ARL Comparison\ARL-Base Foundation\CD92-CI\IMG_0976.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\SESB_ARL_Dispatch_2008\Compilation for SESB Meeting\Plant Layout.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Directors Resolution.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Signature Scans\gmd_signature.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Signature Scans\ma_signature.exe (Net.Worm) -> Quarantined and deleted successfully.
F:\Melawa ARL POWER PLANT\Refinancing\REFINANCING 2009\Agreements\NOTICES_OF_REASSIGNMENT_CLEAN COPIES\Notice of Reassignment - FSA, Fuel Oil Tank Agmt_17Dec2009.exe (Net.Worm) -> Quarantined and deleted successfully.


3. ComboFix log:

ComboFix 10-02-16.03 - Abah 02/18/2010 11:58:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.580 [GMT 8:00]
Running from: c:\documents and settings\Abah\Desktop\george.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Abah\Local Settings\Application Data\Microsoft\CD Burning\AUTORUN.inF
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\program files\Instant Buzz
c:\program files\Instant Buzz\.ibp
c:\program files\Instant Buzz\bugreport.txt
c:\program files\Instant Buzz\nashamiki.ibp
c:\program files\Instant Buzz\nashamiki.ibq
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\command
c:\windows\command\wizard.lnk
c:\windows\config.ini
c:\windows\system\oeminfo.ini
c:\windows\system32\ARAudioCDGrabber2.dll
c:\windows\system32\ARAudioPlayer2.dll
c:\windows\system32\ARAudioTransform2.dll
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 03:47 . 2010-02-18 03:50 -------- d-----w- C:\george.exe
2010-02-18 01:22 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 01:22 . 2010-02-18 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 01:22 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 00:48 . 2010-02-18 00:48 -------- d-----w- C:\_OTL
2010-02-17 15:43 . 2010-02-17 15:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-17 13:23 . 2010-02-17 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-16 04:28 . 2010-02-16 04:28 -------- d-----w- c:\documents and settings\Abah\Local Settings\Application Data\VS Revo Group
2010-02-16 04:28 . 2009-12-30 03:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-16 04:28 . 2010-02-16 04:28 -------- d-----w- c:\program files\VS Revo Group
2010-02-16 01:12 . 2010-02-16 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-16 01:12 . 2010-02-17 15:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-16 01:12 . 2010-02-16 01:12 -------- d-----w- c:\documents and settings\Abah\Application Data\SUPERAntiSpyware.com
2010-02-16 00:23 . 2010-02-16 12:11 -------- d-----w- c:\windows\system32\NtmsData
2010-02-15 01:01 . 2010-02-15 01:01 -------- d-----w- c:\program files\ERUNT
2010-02-14 05:53 . 2010-02-14 05:59 -------- d-----w- C:\AV-CLS
2010-02-13 15:51 . 2010-02-13 15:51 54016 ----a-w- c:\windows\system32\drivers\btefynlw.sys
2010-02-12 22:38 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-12 22:38 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-12 22:38 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-12 22:38 . 2010-02-12 22:38 -------- d-----w- c:\program files\Avira
2010-02-12 22:14 . 2010-02-14 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-12 21:18 . 2010-02-12 22:12 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-12 21:18 . 2010-02-12 21:18 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-12 21:18 . 2010-02-12 21:18 -------- d-----w- c:\program files\AVG
2010-02-12 20:45 . 2010-02-12 20:45 -------- d-----w- c:\documents and settings\Abah\Application Data\AVG8
2010-02-12 12:52 . 2010-02-12 12:52 -------- d-----w- c:\documents and settings\Abah\Application Data\Malwarebytes
2010-02-12 12:52 . 2010-02-12 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-11 21:39 . 2010-02-18 00:48 -------- d-sh--r- c:\documents and settings\Abah\Application Data\Java
2010-02-01 01:16 . 2010-02-01 01:16 -------- d-----w- c:\documents and settings\Abah\Application Data\Toolbar4
2010-02-01 01:16 . 2001-08-17 14:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-01 01:16 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-28 17:50 . 2010-01-28 17:50 150016 ----a-w- c:\windows\system32\mpegdll.dll
2010-01-27 09:56 . 2010-01-27 09:56 45056 ----a-w- c:\windows\NCUNINST.EXE
2010-01-27 09:49 . 2001-12-06 06:59 192512 ----a-w- c:\windows\system32\hptcpmon.dll
2010-01-27 09:49 . 2001-12-06 06:59 118784 ----a-w- c:\windows\system32\hptcpmib.dll
2010-01-27 09:49 . 2001-12-06 06:59 294912 ----a-w- c:\windows\system32\hptcpmui.dll
2010-01-27 09:41 . 2010-02-16 15:19 -------- d-----w- C:\lj1150_1300prnsys
2010-01-27 09:39 . 2010-01-27 09:40 -------- d-----w- C:\lj1150-1300
2010-01-25 23:10 . 2010-01-25 23:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-25 23:10 . 2010-01-25 23:10 -------- d-----w- c:\documents and settings\Abah\Application Data\Roxio
2010-01-25 16:34 . 2010-01-25 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-25 16:34 . 2010-01-25 16:35 -------- d-----w- c:\program files\Roxio
2010-01-25 15:30 . 2010-01-25 15:30 -------- d-----w- c:\documents and settings\Abah\Application Data\RIM Palm&PPC Upgrade Wizard
2010-01-24 16:57 . 2010-01-24 16:58 -------- d-----w- c:\program files\CCleaner
2010-01-24 09:31 . 2010-01-24 09:37 -------- d-----w- c:\program files\GoogleAdwordsBuzz
2010-01-20 10:16 . 2010-01-20 10:16 -------- d-----w- c:\documents and settings\Abah\Application Data\InstallShield
2010-01-19 12:19 . 2010-02-10 16:16 256 ----a-w- c:\windows\system32\pool.bin
2010-01-19 12:19 . 2010-01-19 12:19 -------- d-----w- c:\documents and settings\Abah\Application Data\Research In Motion
2010-01-19 12:17 . 2009-01-09 08:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-01-19 12:16 . 2010-01-19 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-01-19 12:15 . 2010-01-19 12:16 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-01-19 12:14 . 2010-01-19 12:18 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 15:44 . 2010-02-16 01:13 117760 ----a-w- c:\documents and settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 11:37 . 2008-11-04 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-16 08:23 . 2010-01-05 15:02 -------- d-----w- c:\program files\TheDeanReportCloaker
2010-02-16 05:39 . 2008-04-17 17:01 -------- d-----w- c:\documents and settings\Abah\Application Data\Uniblue
2010-02-16 05:37 . 2009-09-02 14:46 -------- d-----w- c:\program files\No Right Click
2010-02-16 05:36 . 2006-09-29 18:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 05:34 . 2009-04-27 13:34 -------- d-----w- c:\program files\Destiny
2010-02-16 05:34 . 2007-09-04 15:30 -------- d-----w- c:\program files\CUEcards 2000
2010-02-16 05:33 . 2007-02-15 14:37 -------- d-----w- c:\program files\Burn4Free Toolbar
2010-02-16 05:32 . 2009-09-02 14:15 -------- d-----w- c:\program files\Advanced HTML Optimizer
2010-02-16 05:09 . 2007-12-10 16:29 -------- d-----w- c:\program files\Canon
2010-02-16 05:08 . 2006-10-24 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-16 04:58 . 2010-02-16 04:58 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-02-16 04:58 . 2010-02-16 04:58 139 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1FBBCDDC3072CB6439B8CB8CA1E1AEAA.dll
2010-02-16 04:58 . 2010-02-16 04:58 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16E7FAE2E860FD1159C3000565084666.dll
2010-02-16 03:51 . 2009-09-08 10:10 -------- d-----w- c:\program files\Zylom Games
2010-02-16 03:33 . 2009-09-09 18:54 -------- d-----w- c:\program files\Free Accounting
2010-02-16 01:13 . 2010-02-16 01:13 52224 ----a-w- c:\documents and settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-13 06:35 . 2009-07-05 16:46 -------- d-----w- c:\program files\XMind
2010-02-13 05:39 . 2010-02-13 05:39 907 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3e43b73803c7c394f8a6b2f0402e19c2.dll
2010-02-12 22:38 . 2008-07-31 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-12 12:28 . 2010-02-12 12:28 2527 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC7B5841DBC49304E8EAA52299D3F745.dll
2010-02-12 12:28 . 2010-02-12 12:28 6978 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C59EB89BF67E64248B6EEB8BEE97D160.dll
2010-02-12 12:28 . 2010-02-12 12:28 9777 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9323333151A05584EBBE2023AD5A7BAE.dll
2010-02-12 12:28 . 2010-02-12 12:28 568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6F8CD9A7664240E4FB15EB94C9D520DB.dll
2010-02-12 12:28 . 2010-02-12 12:28 1795 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3BA0E9862B05A5E4D9ECD69A5FEB3141.dll
2010-02-12 11:23 . 2007-02-27 13:44 -------- d-----w- c:\documents and settings\Abah\Application Data\Apple Computer
2010-02-12 09:55 . 2006-10-03 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-02-12 09:55 . 2006-10-03 18:18 48 -c--a-w- c:\windows\wpd99.drv
2010-02-11 22:43 . 2009-11-10 17:47 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-02-07 03:51 . 2006-10-03 15:25 -------- d-----w- c:\program files\IrfanView
2010-02-04 17:29 . 2006-10-07 00:29 -------- d-----w- c:\program files\Google
2010-02-01 01:16 . 2009-11-10 17:47 -------- d-----w- c:\program files\SpeedBit Video Downloader
2010-01-28 13:40 . 2006-10-03 18:22 111040 ----a-w- c:\documents and settings\Abah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 09:48 . 2008-11-10 22:30 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-27 09:42 . 2007-05-07 10:23 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-26 15:08 . 2009-03-15 09:31 -------- d-----w- c:\documents and settings\Abah\Application Data\HPAppData
2010-01-25 16:38 . 2006-09-29 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-25 16:36 . 2006-09-29 18:46 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-25 16:34 . 2006-09-29 18:47 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-25 13:36 . 2006-09-29 18:49 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-20 00:53 . 2007-05-25 14:45 -------- d-----w- c:\program files\Dl_cats
2010-01-15 22:26 . 2006-10-09 17:58 -------- d-----w- c:\program files\CleanUp!
2010-01-15 19:54 . 2007-01-14 14:06 -------- d-----w- c:\documents and settings\Abah\Application Data\IBP
2010-01-06 18:28 . 2010-01-06 18:28 -------- d-----w- c:\documents and settings\Abah\Application Data\Canneverbe_Limited
2010-01-06 18:28 . 2010-01-06 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-01-06 18:27 . 2010-01-06 18:27 -------- d-----w- c:\program files\CDBurnerXP
2010-01-05 15:04 . 2010-01-05 04:33 -------- d-----w- c:\program files\Free Cloaker
2010-01-05 10:00 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-05-23 23:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-05 06:19 . 2010-01-05 06:19 -------- d-----w- c:\program files\pp
2010-01-03 17:32 . 2006-10-07 00:29 -------- d-----w- c:\program files\Common Files\Real
2010-01-03 17:32 . 2010-01-03 17:32 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-03 17:31 . 2006-10-07 00:29 -------- d-----w- c:\program files\Real
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 14:50 . 2009-12-30 14:50 64 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AEF80DC64C8D34545BC0BCD3D4434E0B.dll
2009-12-30 14:50 . 2009-12-30 14:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll
2009-12-30 14:50 . 2009-12-30 14:50 229 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_91E2A082CD005C34EA0133DEE86F7AD9.dll
2009-12-30 14:50 . 2009-12-30 14:50 30 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA706750000080000000030.dll
2009-12-30 14:50 . 2009-12-30 14:50 3568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2009-12-30 14:50 . 2009-12-30 14:50 233 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_16CB480C735EED116861000565084666.dll
2009-12-30 14:50 . 2009-12-30 14:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2009-12-25 07:41 . 2007-11-12 13:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 04:34 . 2007-11-12 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-12-24 02:07 . 2009-12-24 02:06 -------- d-----w- c:\program files\Jojo's Fashion Show
2009-12-21 13:11 . 2009-12-21 13:11 -------- d-----w- c:\program files\MSBuild
2009-12-21 13:11 . 2009-12-21 13:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 10:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-29 05:45 . 2009-11-29 05:44 4151442 ----a-w- c:\documents and settings\Abah\Application Data\Affilorama\TrafficTravisv3\temp\traffic_travis.exe
2009-11-27 17:11 . 2004-08-04 10:00 1291776 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 10:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-25 05:02 . 2010-02-14 15:50 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-23 11:13 . 2009-11-23 11:10 28408050 ----a-w- c:\program files\webceo.exe
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-06 09:15 . 2009-11-06 09:18 6097532 ----a-w- c:\program files\DRoster_setup.exe
2009-09-14 18:58 . 2009-09-14 18:58 212992 ----a-w- c:\program files\CrucialScan.exe
2009-06-20 15:01 . 2009-06-20 15:01 9577800 ----a-w- c:\program files\winzip121.exe
2009-06-08 00:58 . 2009-06-09 12:58 44 ---h--w- c:\program files\95256777.tmp
2008-02-28 22:32 . 2008-02-28 22:32 0 -c--a-w- c:\program files\temp01
2006-11-24 19:59 . 2006-11-24 19:59 600 -c--a-w- c:\program files\nvu.exe.lnk
2006-10-31 14:18 . 2006-10-31 14:18 30309 -c--a-w- c:\program files\adsense-deluxe_wp_plugin.zip
2006-10-13 18:39 . 2006-10-13 18:36 404480 -c--a-w- c:\program files\Dear_son_daughter.ppt.pps
2005-09-24 11:34 . 2006-10-09 11:00 318775 -c--a-w- c:\program files\CleanUp40.exe
2003-04-29 03:08 . 2003-04-29 03:08 1112526 -c--a-w- c:\program files\install.exe
2006-10-19 15:08 . 2006-10-07 00:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-08-12 22:32 . 2007-05-25 14:50 104 -csh--r- c:\windows\system32\C3C035E34F.sys
2009-08-12 22:32 . 2007-05-25 14:49 6216 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 05:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-02-11 1611368]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-04 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-12 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-12 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-12 118784]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2006-10-06 11:56 11504 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Abah^Start Menu^Programs^Startup^homemsngr.lnk]
backup=c:\windows\pss\homemsngr.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jre?]
c:\documents and settings\Abah\Application Data\Java\?Jview?.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOKHSEIN?]
c:\documents and settings\Abah\Application Data\Java\?shimgvw?.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TradeManager]
c:\progra~1\Alibaba\TRADEM~1\TradeManager -hideframe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 05:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 14:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-07 21:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 16:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-04 19:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-02-06 18:17 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 13:10 151552 -c----w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-03 22:09 312200 -c--a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 11:44 1200128 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 08:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
2005-11-15 11:44 1200128 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-03 21:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 21:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 01:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 01:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 04:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 10:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-01-07 20:02 495616 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
2007-03-13 01:46 3610192 ----a-w- c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 10:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 10:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 02:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 04:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2007-10-29 08:43 662016 ----a-w- c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-24 21:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-03 17:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
2003-03-31 10:28 155648 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"SCardSvr"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Nla"=3 (0x3)
"Net3D"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"ImapiService"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Creative Labs Licensing Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"6to4"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"AntiVirusDisableNotify "=dword:00000001
"FirewallDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"UacDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride "=dword:00000001
"AntiVirusDisableNotify "=dword:00000001
"FirewallDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"UacDisableNotify "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\homeMessenger\\homemsngr.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Harits\\Desktop\\stuff\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\AV-CLS\\WGET.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [1/12/2006 10:27 PM 13696]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/27/2010 7:38 AM 311568]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\rainfo.sys [10/6/2006 7:56 PM 11120]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [1/12/2006 10:29 PM 13568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2009 7:17 AM 133104]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 5:18 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 5:18 AM 30104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/16/2010 12:28 PM 27064]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys [9/6/2005 5:46 PM 58256]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys [9/6/2005 5:48 PM 8336]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys [9/6/2005 5:48 PM 94064]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys [9/6/2005 5:49 PM 85504]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys [9/6/2005 5:50 PM 83440]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S4 Net3D;3D Network Service;c:\windows\system32\net3d.exe [8/4/2004 6:00 PM 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 15:25]

2010-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 15:32]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 23:17]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 23:17]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997004556-3902810429-2234385630-1011Core.job
- c:\documents and settings\Abah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-16 15:24]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997004556-3902810429-2234385630-1011UA.job
- c:\documents and settings\Abah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-16 15:24]

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{4E09C448-5B89-456C-A96A-E05DDAAC3CA7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\progra~1\SpeedBit Video Accelerator\sblsp.dll
TCP: {2C5C8E12-50A9-45AC-B934-94BBBED7D8E0} = 202.188.1.5,202.188.0.133
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} - hxxps://www.hasil.org.my/efiling/dcCertUtils.cab
FF - ProfilePath - c:\documents and settings\Abah\Application Data\Mozilla\Firefox\Profiles\7erdy8i3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?site=tb&q=
FF - component: c:\documents and settings\Abah\Application Data\Mozilla\Firefox\Profiles\7erdy8i3.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
FF - plugin: c:\documents and settings\Abah\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-DataLayer - c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
MSConfigStartUp-Instant Buzz Daemon - c:\program files\Instant Buzz\IBDaemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MyWebSearch\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MyWebSearch\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll
AddRemove-Burger Rush - c:\progra~1\YAHOO!~1\BURGER~2\UNWISE.EXE
AddRemove-Delicious Deluxe - c:\progra~1\YAHOO!~1\DELICI~1\UNWISE.EXE
AddRemove-Feeding Frenzy - c:\progra~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE
AddRemove-Insaniquarium Deluxe 1.0 - c:\program files\Yahoo! Games\Insaniquarium Deluxe\PopUninstall.exe
AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Lemonade Tycoon 2 - c:\progra~1\YAHOO!~1\LEMONA~1\UNWISE.EXE
AddRemove-Monopoly - SpongeBob SquarePants Edition - c:\progra~1\NICKAR~1\MONOPO~1\UNWISE.EXE
AddRemove-Reader Rabbit Thinking Adventures Ages 4-6 - c:\program files\The Learning Company\Reader Rabbit Thinking Adventures Ages 4-6\Uninst.isu
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111322673} - c:\program files\Oberon Media\SpongeBob Diner Dash\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111438590} - c:\program files\Oberon Media\Virtual Villagers\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.h 738 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1148)
c:\progra~1\SpeedBit Video Accelerator\sblsp.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\UStorSrv.exe
c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\IObit\IObit Security 360\is360.exe
.
**************************************************************************
.
Completion time: 2010-02-18 12:20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 04:20

Pre-Run: 14,596,653,056 bytes free
Post-Run: 14,357,106,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0C91705E813A95B13C18FAC478401F67


That's all there is of the 3 logs that you requested.

Thanks...Mokhsein

#4
RKinner

Copy the text between the lines of stars by highlighting it and pressing Ctrl + C
***************************************************************************************************

:Files
c:\windows\system32\drivers\btefynlw.sys
c:\program files\95256777.tmp
c:\program files\temp01

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

I think we got everything. Any signs of a problem left?

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.



Ron

#5
mokhseinabd

    Member

  • Topic Starter
  • Member
  • 28 posts
Dear Ron,

OK here is the latest OTL log :

All processes killed
========== FILES ==========
c:\windows\system32\drivers\btefynlw.sys moved successfully.
c:\program files\95256777.tmp moved successfully.
c:\program files\temp01 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Abah
->Temp folder emptied: 160961 bytes
->Temporary Internet Files folder emptied: 185115 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 21898957 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ani
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harits
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Nasleha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Shyakina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Shyamimi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Shyazana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15633 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02182010_230351

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



The other things you recommended to be done are in progress. Meanwhile I will report here a little while later any other symptoms that may reappear, if any.

Thanks again for your help. Regards...Mokhsein
  • 0
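A check worth making on a fix log like the one above is that every path listed under `:Files` in the fix script was actually reported as moved, and that nothing outside the script was moved. The following is an added example, not part of either post and not OTL's own code; the sample inputs are copied from this thread, the function names are hypothetical, and it assumes only the `moved successfully.` line format shown here, treating any other outcome as unconfirmed.

```python
import re
from typing import Dict, List

# Sample input taken from the thread: the fix script from post #4 and the
# FILES section of the log from post #5.
FIX_SCRIPT = r"""
:Files
c:\windows\system32\drivers\btefynlw.sys
c:\program files\95256777.tmp
c:\program files\temp01

:Commands
[purity]
[emptytemp]
[Reboot]
"""

FIX_LOG = r"""
All processes killed
========== FILES ==========
c:\windows\system32\drivers\btefynlw.sys moved successfully.
c:\program files\95256777.tmp moved successfully.
c:\program files\temp01 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # e.g. "========== FILES =========="
MOVED_SUFFIX = " moved successfully."            # the only status seen in this thread


def norm(path: str) -> str:
    """Normalise a Windows path for comparison (case-insensitive, one separator)."""
    return path.strip().replace("/", "\\").rstrip("\\").lower()


def script_targets(script: str) -> List[str]:
    """Return the paths listed under the ':Files' directive of a fix script."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # a new directive starts
            in_files = line.lower() == ":files"
            continue
        if in_files:
            targets.append(line)
    return targets


def moved_paths(log: str) -> List[str]:
    """Return the paths the log's FILES section reports as moved."""
    moved, in_files = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_files = header.group(1).upper() == "FILES"
            continue
        if in_files and line.lower().endswith(MOVED_SUFFIX):
            moved.append(line[: -len(MOVED_SUFFIX)])
    return moved


def verify_fix(script: str, log: str) -> Dict[str, str]:
    """Map each script target to 'moved' or 'unconfirmed'."""
    moved = {norm(p) for p in moved_paths(log)}
    return {t: ("moved" if norm(t) in moved else "unconfirmed")
            for t in script_targets(script)}


def unexpected_moves(script: str, log: str) -> List[str]:
    """Paths the log says were moved that the script never asked for."""
    wanted = {norm(t) for t in script_targets(script)}
    return [p for p in moved_paths(log) if norm(p) not in wanted]


if __name__ == "__main__":
    for path, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {path}")
    extra = unexpected_moves(FIX_SCRIPT, FIX_LOG)
    print("unexpected moves:", extra if extra else "none")
```

An `unconfirmed` target means the log did not record a successful move for it, so the file should be re-checked before the cleanup is considered complete.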

#6
mokhseinabd

    Member

  • Topic Starter
  • Member
  • 28 posts
Dear Ron,

OK here is the rest of my response with regard to the additional things you asked me to do.

1. Java - downloaded and installed latest update, and all old versions have been uninstalled.

2. Adobe Reader - have disabled Javascript.

3. System Restore has been cleaned up.

4. Bitdefender online scan has been done. It did detect "2 infected files" as per the log. Please see below :

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date: Fri Feb 19 19:40:18 2010
Machine ID: 9C269F48

Process winlogon.exe (1120) - Trojan.Generic.1423603


Found 2 infected files!
-------------------------
C:\WINDOWS\system32\LMIinit.dll - Virtool.903
C:\Program Files\LogMeIn\RaMaint.exe - Virtool.904


Processes
---------
<unsigned> Advanced SystemCare 3 1280 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<unsigned> Bluetooth Software 5.0.1.2609 252 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
<unsigned> Google Talk 1076 C:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> Hewlett-Packard T-TR Status Client 1072 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
<unsigned> Intel PROSet/Wireless 2792 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
<unsigned> Intel® PROSet/Wireless 4064 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
<unsigned> Intel® PROSet/Wireless Event Log 1560 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
<unsigned> Intel® PROSet/Wireless Registry Servi 924 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
<unsigned> Intel® PROSet/Wireless Service 1612 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
<unsigned> Microsoft ActiveSync 2996 C:\Program Files\Microsoft ActiveSync\rapimgr.exe
<unsigned> Microsoft ActiveSync 1576 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
<unsigned> OTi Content Service 460 C:\WINDOWS\system32\UStorSrv.exe
<unsigned> PortResolver Module 53176 C:\WINDOWS\system32\HPBPRO.EXE
<unsigned> SSO Service 1636 C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
<unsigned> Volume Control 1796 C:\Program Files\Creative\Mixer\CTSVolFE.exe
<unsigned> ZeroCfgSvc Application 4056 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

<verified> Adobe Updater 32412 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
<verified> C-Major Audio 996 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
<verified> Google Chrome 51548 C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 51616 C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 52640 C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 52748 C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
<verified> Google Update 46896 C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
<verified> HP DeskJet 904 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
<verified> Intel® Common User Interface 4080 C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface 4088 C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface 2032 C:\WINDOWS\system32\igfxsrvc.exe
<verified> IObit Security 360 2588 C:\Program Files\IObit\IObit Security 360\is360.exe
<verified> IObit Security 360 612 C:\Program Files\IObit\IObit Security 360\IS360srv.exe
<verified> IObit Security 360 1032 C:\Program Files\IObit\IObit Security 360\IS360tray.exe
<verified> Java™ Platform SE 6 U18 736 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft Visual Studio .NET 760 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft Windows Operating System 2940 C:\WINDOWS\Explorer.EXE
<verified> Microsoft Windows Operating System 1096 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft Windows Operating System 1868 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft Windows Operating System 1176 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft Windows Operating System 1164 C:\WINDOWS\system32\services.exe
<verified> Microsoft Windows Operating System 1044 C:\WINDOWS\System32\smss.exe
<verified> Microsoft Windows Operating System 2008 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft Windows Operating System 1520 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 1828 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 1004 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 828 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft Windows Operating System 784 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft Windows Operating System 548 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 204 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 1480 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft Windows Operating System 1432 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 1368 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 53040 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft Windows Operating System 1696 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft Windows Operating System 1120 C:\WINDOWS\system32\winlogon.exe
<verified> Printer Communication System 268 C:\WINDOWS\system32\dlcxcoms.exe
<verified> Software Manager 1500 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
<verified> SpeedBit LTD VideoAccelerator 1568 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
<verified> SpeedBit Stream Accelerator Engine 3296 C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
<verified> SpeedBit Video Accelerator Service 1312 C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
<verified> SUPERAntiSpyware 300 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<verified> Synaptics Pointing Device Driver 4036 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Network activity
----------------
Process googletalk.exe (1076) connected on port 5222 (XMPP/Jabber) - tx-in-f125.1e100.net
Process chrome.exe (51616) connected on port 80 (HTTP) - 118.214.92.20
Process chrome.exe (51616) connected on port 80 (HTTP) - ni-in-f101.1e100.net
Process chrome.exe (51616) connected on port 80 (HTTP) - 118.214.85.115
Process chrome.exe (51616) connected on port 80 (HTTP) - 118.214.88.100

Process dlcxcoms.exe (268) listens on ports: 10009
Process UStorSrv.exe (460) listens on ports: 32219
Process svchost.exe (1432) listens on ports: 135 (RPC)
Process svchost.exe (1828) listens on ports: 2869 (SSDP event notification, UPNP)
Process rapimgr.exe (2996) listens on ports: 990 (FTP over SSL)


Autoruns and critical files
---------------------------
<unsigned> Advanced SystemCare 3 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<unsigned> Google Talk C:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> Hewlett-Packard T-TR Status Client C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
<unsigned> Intel® PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
<unsigned> Microsoft ActiveSync C:\Program Files\Microsoft ActiveSync\wcescomm.exe
<unsigned> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
<unsigned> Volume Control C:\Program Files\Creative\Mixer\CTSVolFE.exe
<unsigned> Windows Live Toolbar C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
<unsigned> ZeroCfgSvc Application C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

<verified> C-Major Audio C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
<verified> Google Update C:\Documents and Settings\Abah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> HP DeskJet C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
<verified> IObit Security 360 C:\Program Files\IObit\IObit Security 360\IS360tray.exe
<verified> LogMeIn C:\WINDOWS\system32\LMIinit.dll
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft Windows Operating System c:\windows\system32\userinit.exe
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\wpdshserviceobj.dll
<verified> Software Manager C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
<verified> SpeedBit LTD VideoAccelerator C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
<verified> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<verified> Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Timer DLL C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll
<verified> Windows Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Akamai Download Manager ActiveX Control C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> dcSignX C:\WINDOWS\Downloaded Program Files\dcCertUtils.dll
<unsigned> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<unsigned> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<unsigned> DVC Download Control.ocx C:\WINDOWS\Downloaded Program Files\DVC Download Control.ocx
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> igLoader C:\Program Files\Mozilla Firefox\plugins\npigl.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> McAfee Clinic C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
<unsigned> Morgan Multimedia JPEG2000 Netscape/Moz C:\Program Files\Mozilla Firefox\plugins\npjp2.dll
<unsigned> Mozilla C:\Documents and Settings\Abah\Application Data\Mozilla\Firefox\Profiles/7erdy8i3.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
<unsigned> My Search Plugin Stub C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
<unsigned> PF.Magic's Petz 3 Player Plug-in C:\Program Files\Internet Explorer\plugins\npPetz.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<unsigned> Toontown Installer Module C:\WINDOWS\Downloaded Program Files\ttinst.dll
<unsigned> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll

<verified> AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Akamai Download Manager ActiveX Control C:\WINDOWS\Downloaded Program Files\Manager.exe
<verified> AVG Security Toolbar c:\program files\avg\avg9\toolbar\ietoolbar.dll
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
<verified> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
<verified> Groove Playback Control C:\WINDOWS\Downloaded Program Files\GrooveAX.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
<verified> HPDEXAXO C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft Windows Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN Games by Zone.com C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verified> sblsp C:\Program Files\SpeedBit Video Accelerator\sblsp.dll
<verified> Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> SpeedBit Grab & Convert c:\program files\speedbit video downloader\toolbar\grabber.dll
<verified> Spybot - Search & Destroy c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! IE Services c:\program files\yahoo!\common\yiesrvc.dll
<verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn5\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn5\yt.dll
<verified> Zylom Games Player C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll


Missing files
-------------
File not found: C:\Program Files\Java\jre6\bin\jusched.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SunJavaUpdateSched"

File not found: c:\program files\speedbit video downloader\toolbar\tbcore3.dll
referenced in: HKCR\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\InprocServer32\(default)


Scan
----
<unsigned> MD5: ab3e9f18aed16e0bd6a1dfdb503aa1f6 C:\Documents and Settings\Abah\Application Data\Mozilla\Firefox\Profiles/7erdy8i3.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
<unsigned> MD5: 031ccdff85a57172f3402cb99b3e9d46 C:\Documents and Settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
<unsigned> MD5: 11ab72d5d603db401c190b454fb935a7 C:\Documents and Settings\Abah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
<unsigned> MD5: 318b0d2cf5470f724b217498553d36e6 C:\Program Files\Avira\AntiVir Desktop\shlext.dll
<unsigned> MD5: eddec321b128328bc370a5447f7f8d69 C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> MD5: cfd4c3352e29a8b729536648466e8df5 C:\Program Files\Bonjour\mDNSResponder.exe
<unsigned> MD5: 2094bc9a0fc9c0e15eea5f4a9581dd14 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
<unsigned> MD5: 7db5e3f44d797bd38b8e336ccc2e49d5 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: 227846995afeefa70d328bf5334a86a5 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
<unsigned> MD5: 976d0d12423a75408c6362797d481413 C:\Program Files\Common Files\Microsoft Shared\INK\PENUSA.DLL
<unsigned> MD5: 350a59743cff24b94561602e4b238181 C:\Program Files\Creative\Mixer\CTSVolFE.crl
<unsigned> MD5: e6c210a5cc9211d077556d0c9891a977 C:\Program Files\Creative\Mixer\CTSVolFE.exe
<unsigned> MD5: 8084668d40e5eb157839c5519e533541 C:\Program Files\Creative\Shared Files\CTIniF.dll
<unsigned> MD5: 8b29a4110cda0dda453815094d5e993e C:\Program Files\Creative\Shared Files\CtrlSrc.dll
<unsigned> MD5: 28296742da636800ba2cabd00990502f C:\Program Files\Creative\Shared Files\CTTheme.dll
<unsigned> MD5: 5a42034f1a337f831d2275ebad223cc9 C:\Program Files\Creative\Shared Files\GDICtrl.skc
<unsigned> MD5: ecaf233ea2f9e47c2c4b4fd00351c3dc C:\Program Files\Creative\Shared Files\GDICtrl2.skc
<unsigned> MD5: b499c4b7fe828b7004aca72b459949e9 C:\Program Files\Creative\Shared Files\GDICtrl3.skc
<unsigned> MD5: 4dd881b1918d195682ea7e696000d342 C:\Program Files\Creative\Shared Files\MxLib.dll
<unsigned> MD5: c20f65eb34e29d80f655348a74c93953 C:\Program Files\Creative\Shared Files\RtxCtrl.skc
<unsigned> MD5: b216b03852df788c7e2afdf6c6e8a9b0 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
<unsigned> MD5: fcb4dcfde1eaf2189dfd2f016e1a27a1 C:\Program Files\Dell PC Fax\dlctrstr.dll
<unsigned> MD5: 6f0335cd580dad17eab0963a6c434cfe C:\Program Files\Dell PC Fax\ipcmt.dll
<unsigned> MD5: 2ac2372ffad9adc85672cc8e8ae14be9 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
<unsigned> MD5: a13d7cd76e026ba041e9eba4eef1eba0 C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<unsigned> MD5: f457996db06b3ef082fe1e8e5b22e64f C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
<unsigned> MD5: 51f6ded792fbe75e8558badb5b5da66b C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
<unsigned> MD5: 2dc61f643534045b332d20cccd7a2b9d C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> MD5: bcd9cbf0621f9a6767276a2e0bf1dd15 C:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> MD5: 6d557cab78e4d454e5fa49ec8782462a C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\hpptui0.dll
<unsigned> MD5: d6e32f50ccc40a0dcd4fbd9473382eae C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
<unsigned> MD5: f50f7984fdd151edd8a70a8dbd9e2a44 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
<unsigned> MD5: c83c0791fc7fa3cbe9be2825b8a47eaf C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
<unsigned> MD5: df446ba625cc441617843e87798ce048 C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
<unsigned> MD5: def4d5f59e0b895224700ae4e79e41aa C:\Program Files\Intel\Wireless\Bin\DbEngine.dll
<unsigned> MD5: 1cc87053c28dca5cd94cac36dc56e7b4 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
<unsigned> MD5: f96e450937bad69fe4804d46829aa5c7 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
<unsigned> MD5: 56dacb14aee639ed35f1245eab127e1e C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll
<unsigned> MD5: da199948bdf65d2ef9109b60ec4621d0 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
<unsigned> MD5: 3a6b86ad3c58dd76121e3e3673bd0d9d C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
<unsigned> MD5: 9c7c91af5de920c0c0561b71b062690d C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
<unsigned> MD5: 91bee139f09b1845cfb7153c50f608cf C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
<unsigned> MD5: b18f93a3f6cb72dba5f177c35ac3646e C:\Program Files\Intel\Wireless\Bin\MurocApi.dll
<unsigned> MD5: 80bfe090178fff1243d320c825cdd3f6 C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll
<unsigned> MD5: 0060b94d389414d877544cb0b979110f C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
<unsigned> MD5: 6210679582240d54cc7fcc6278ca8b04 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
<unsigned> MD5: 99647323602be0e77a9737e6eada65ba C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
<unsigned> MD5: 7ac599f4417fd0a4ebcd27ed091817df C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll
<unsigned> MD5: 3e3456a797cc4dce79b9556365caf1f0 C:\Program Files\Intel\Wireless\Bin\TraceAPI.dll
<unsigned> MD5: e876c33293aa5ffa81a1aa28d594712e C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
<unsigned> MD5: b8c80dccd4ce7cbf1fe8600b68418536 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
<unsigned> MD5: 20e5f75d0a31bb54da70595d94829cd4 C:\Program Files\Internet Explorer\plugins\npPetz.dll
<unsigned> MD5: b04cda7a51b049a43cb7dbcc8fd0931c C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<unsigned> MD5: bfcdb94d1b2db75a6ddf5ea3b954af87 C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
<unsigned> MD5: 0dcd17c9a3b135c61834c716a412a5bf C:\Program Files\IObit\Advanced SystemCare 3\rtl70.bpl
<unsigned> MD5: 4ea6455b7f9d7ce2094fc92877166af8 C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
<unsigned> MD5: 599dabd485b83b3ddbfcacfd60ac8774 C:\Program Files\IObit\Advanced SystemCare 3\vcl70.bpl
<unsigned> MD5: e12c66ffd510c78731d5400eddecd8c8 C:\Program Files\IObit\Advanced SystemCare 3\vclx70.bpl
<unsigned> MD5: 2a83670c1ddf4450160353cc78fb42c5 C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
<unsigned> MD5: fb5200b314747963d1530d166755aa89 C:\Program Files\IObit\IObit Security 360\madbasic_.bpl
<unsigned> MD5: 155734ba4f8408328656f35269b9eb83 C:\Program Files\IObit\IObit Security 360\maddisAsm_.bpl
<unsigned> MD5: dd82eb68d97944b192c7803eb585b03c C:\Program Files\IObit\IObit Security 360\rtl120.bpl
<unsigned> MD5: 773ebd87010a6f644869a59d98792c9c C:\Program Files\IObit\IObit Security 360\vcl120.bpl
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: f168a041b1c8ac499b77b18b26d18e1f C:\Program Files\Microsoft ActiveSync\dtptdns.dll
<unsigned> MD5: 3649ea61aac1c48b7d282cb61421c15a C:\Program Files\Microsoft ActiveSync\rapimgr.exe
<unsigned> MD5: 88cf195c0a5a2af4b8c499c43c26b9ee C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
<unsigned> MD5: 00c68f7743fc08914c3fe746d00da120 C:\Program Files\Microsoft ActiveSync\tcp2udp.dll
<unsigned> MD5: 0d667f8b21d7975c663f35d7af3c9bdb C:\Program Files\Microsoft ActiveSync\wcescomm.exe
<unsigned> MD5: 1d1b22613eab9287af902398867bc93c C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
<unsigned> MD5: 352e375ab298c23b0f9bc307652c7f50 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
<unsigned> MD5: 751961e128dbcc7a32304339c4bdeff0 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
<unsigned> MD5: e3f974bdedc336490a2e6f3a703f016a C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
<unsigned> MD5: f80eec5e1d6cdf82cb974daada0c57dd C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\net3d.exe

Upload started - 1 file(s)
C:\WINDOWS\system32\net3d.exe (167936)
Upload speed - 18 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 13 sec
Total traffic - 0.23 MB sent, 3.65 KB recvd
Scanned 1332 files and modules - 1170 seconds

Lastly I still do keep getting a message every now and then from the system tray saying that "You have files waiting to be written to the CD. To see the files now click this balloon". When I click the balloon I see the D drive is empty. Don't know what to make of it.

Thanks/Regards...Mokhsein

#7
RKinner

The files BitDefender found are just from LogMeIn. If you didn't install LogMeIn then that would be a bad thing, but if you know about LogMeIn then that's OK.

The files that are waiting to be burned could be hidden or system files.

You could try adding a file to the burn list then delete it and see if that resets the flag. Otherwise add a file then sacrifice a CD and tell it to burn the files.

Ron

#8
mokhseinabd

Dear Ron,

Okay, yes, I must have installed LogMeIn some time ago, and never got around to actually making good use of the program. Since I have never once used the program in the past 6 months, I have gone ahead and uninstalled it.

Also did as you recommended for the "burn list" and everything has worked out fine.

I have reformatted my USB drives and loaded up all my files from a backup.

So far everything works fine.

Thank you very much for your help and guidance. I think it would be OK for you to close this topic now.

Warmest Regards...Mokhsein