Please help ... Infected with zusudupe.dll or pikekise.dll


  • This topic is locked
18 replies to this topic

#1 eivac


Posted 11 February 2010 - 01:29 AM

Hi,

A few days back, I noticed that my system has slowed down significantly. My BlackIce application has done a wonderful job of detecting "weird stuff" and I notice that it keeps prompting to allow certain applications through, e.g. SearchProtocolHost.exe and svchost.exe, but upon closer look, it seems that it was all prompted by either zusudupe.dll or pikekise.dll. See below for the screenshots.



Going through your forums seemed to suggest I have a virus, trojan, malware??

I followed the instructions in the Preparation Guide http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

- CD Emulation Software disabled successfully
- Ran DDS successfully (see file below)
- Ran GMER unsuccessfully twice. It finished running the scan in both situations, but I am unable to save the log or copy the results to a text file. It hung my computer to the point that I had to cold boot.

Now my computer has slowed down to the point that opening a Word document takes 14.5 secs.

If I terminate all the BlackIce prompts by either zusudupe.dll or pikekise.dll, my computer crawls to a standstill.

Please help because anything I do seems to make matters worse!!!!



DDS.txt file below from running DDS
@@@@@@@@@@@@
DDS (Ver_09-12-01.01) - NTFSx86
Run by Woei Yu Choo at 18:25:28.25 on Tue 02/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1235 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server 2005\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
C:\DOCUME~1\WOEIYU~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\F5D8053\v6\BelkinWCUI.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Woei Yu Choo\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {c4657ef0-ccac-4270-ad8e-1ccec7fb7171} - fujigayu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PestPatrol Control Center] c:\progra~1\pestpa~1\PPControl.exe
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [tubedokut] Rundll32.exe "c:\windows\system32\pikekise.dll",a
StartupFolder: c:\docume~1\woeiyu~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zonealarmbackup\ZABackupReg2ini.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\v6\BelkinWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blacki~1.lnk - c:\program files\iss\blackice\blackice.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com
Trusted Zone: microsoft.com
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261160137437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258991308046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zusudupe.dll c:\windows\system32\pikekise.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zujahivuk - {3cc7e42d-9735-4de1-a140-a4b266e0842b} - c:\windows\system32\pikekise.dll
STS: kupuhivus: {3cc7e42d-9735-4de1-a140-a4b266e0842b} - c:\windows\system32\pikekise.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli kabunabo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\woeiyu~1\applic~1\mozilla\firefox\profiles\ym4753pa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\fujigayu.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\kabunabo.dll
1601-01-01 00:03:28 51720 --sha-w- c:\windows\system32\nanehutu.exe
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\pikekise.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\yizimife.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\zusudupe.dll

============= FINISH: 18:29:42.82 ===============




Attach.txt file below from running DDS
@@@@@@@@@@@


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/29/2006 9:32:02 PM
System Uptime: 2/9/2010 6:15:28 PM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 13.801 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
Service: w39n51

==== System Restore Points ===================

RP1119: 1/2/2010 1:02:15 AM - System Checkpoint
RP1120: 1/3/2010 9:36:39 AM - System Checkpoint
RP1121: 1/3/2010 8:31:51 PM - Software Distribution Service 3.0
RP1122: 1/4/2010 1:13:05 PM - Configured Maxtor Central Axis Manager
RP1123: 1/5/2010 1:13:25 PM - System Checkpoint
RP1124: 1/6/2010 6:21:33 PM - System Checkpoint
RP1125: 1/7/2010 11:11:25 PM - Software Distribution Service 3.0
RP1126: 1/9/2010 12:47:14 PM - System Checkpoint
RP1127: 1/11/2010 2:47:38 AM - System Checkpoint
RP1128: 1/12/2010 3:10:06 AM - System Checkpoint
RP1129: 1/13/2010 3:58:01 AM - System Checkpoint
RP1130: 1/14/2010 1:19:55 PM - System Checkpoint
RP1131: 1/15/2010 5:23:04 PM - System Checkpoint
RP1132: 1/16/2010 6:38:42 PM - System Checkpoint
RP1133: 1/17/2010 7:18:24 PM - System Checkpoint
RP1134: 1/19/2010 3:07:17 PM - System Checkpoint
RP1135: 1/20/2010 4:45:26 PM - System Checkpoint
RP1136: 1/22/2010 2:14:27 AM - System Checkpoint
RP1137: 1/23/2010 12:55:03 PM - System Checkpoint
RP1138: 1/25/2010 2:38:18 PM - System Checkpoint
RP1139: 1/26/2010 5:17:21 PM - System Checkpoint
RP1140: 1/27/2010 11:51:38 AM - Software Distribution Service 3.0
RP1141: 1/27/2010 7:26:22 PM - Installed Java™ 6 Update 18
RP1142: 1/28/2010 11:09:06 PM - System Checkpoint
RP1143: 1/29/2010 3:42:40 PM - Installed Flash
RP1144: 1/31/2010 9:27:06 PM - System Checkpoint
RP1145: 2/2/2010 1:06:07 PM - Installed WD SmartWare
RP1146: 2/3/2010 4:03:43 PM - System Checkpoint
RP1147: 2/4/2010 4:57:19 PM - System Checkpoint
RP1148: 2/7/2010 3:17:42 AM - System Checkpoint
RP1149: 2/8/2010 10:32:42 PM - System Checkpoint

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================

Edited by eivac, 11 February 2010 - 01:32 AM.
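An added example, not part of the original post and not DDS's own logic: a short Python triage script that cross-references the files in the log's Find3M section dated 1601-01-01 (the zero value of a Windows FILETIME) with the autostart entries of the Pseudo HJT Report. The log lines are copied from the DDS.txt above; the function names and the list of entry prefixes are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the DDS.txt log in the post above (a subset of its lines).
DDS_EXCERPT = r"""
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {c4657ef0-ccac-4270-ad8e-1ccec7fb7171} - fujigayu.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [tubedokut] Rundll32.exe "c:\windows\system32\pikekise.dll",a
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zusudupe.dll c:\windows\system32\pikekise.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zujahivuk - {3cc7e42d-9735-4de1-a140-a4b266e0842b} - c:\windows\system32\pikekise.dll
STS: kupuhivus: {3cc7e42d-9735-4de1-a140-a4b266e0842b} - c:\windows\system32\pikekise.dll
LSA: Notification Packages = scecli kabunabo.dll
==================== Find3M ====================
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\fujigayu.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\kabunabo.dll
1601-01-01 00:03:28 51720 --sha-w- c:\windows\system32\nanehutu.exe
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\pikekise.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\yizimife.dll
1601-01-01 00:03:52 52224 --sha-w- c:\windows\system32\zusudupe.dll
"""

FILETIME_EPOCH_YEAR = 1601  # a zeroed FILETIME renders as 1601-01-01

# "date time size attributes path" rows of the Find3M section
FIND3M_RE = re.compile(r"^(\d{4})-\d\d-\d\d \d\d:\d\d:\d\d\s+(\d+)\s+(\S+)\s+(.+)$")
# Autostart-style entries of the Pseudo HJT Report (prefix list chosen for this example)
ENTRY_RE = re.compile(r"^(BHO|TB|EB|uRun|mRun|Notify|AppInit_DLLs|SSODL|STS|SEH|LSA):\s*(.*)$")
# File name component of any .dll/.exe mentioned in an entry, with or without a path
MODULE_RE = re.compile(r"([^\\\s\"=,]+\.(?:dll|exe))\b", re.IGNORECASE)


def parse_dds(text):
    """Return (zeroed, refs).

    zeroed: lower-cased file name -> full path, for Find3M rows dated year 1601
    refs:   lower-cased file name -> list of entry prefixes that mention it
    """
    zeroed = {}
    refs = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        row = FIND3M_RE.match(line)
        if row:
            if int(row.group(1)) == FILETIME_EPOCH_YEAR:
                path = row.group(4)
                zeroed[path.rsplit("\\", 1)[-1].lower()] = path
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            prefix, rest = entry.groups()
            for module in MODULE_RE.findall(rest):
                refs[module.lower()].append(prefix)
    return zeroed, refs


def correlate(text):
    """Map each zero-timestamp file to the sorted, de-duplicated autostart
    prefixes that load it; an empty list means no entry in the log names it."""
    zeroed, refs = parse_dds(text)
    return {name: sorted(set(refs.get(name, []))) for name in sorted(zeroed)}


if __name__ == "__main__":
    for name, mechanisms in correlate(DDS_EXCERPT).items():
        print(f"{name:15} {', '.join(mechanisms) or '(no autostart reference in log)'}")
```
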




#2 myrti (Malware Study Hall Admin)

Posted 17 February 2010 - 05:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 eivac (Topic Starter)

Posted 17 February 2010 - 02:26 PM

Here is OTL.Txt
==========

OTL logfile created on: 2/17/2010 12:40:47 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Woei Yu Choo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.47 Gb Total Space | 12.57 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON-640M
Current User Name: Woei Yu Choo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 12:10:05 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Woei Yu Choo\Local Settings\temp\clclean.0001
PRC - [2010/02/17 12:01:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woei Yu Choo\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/05 08:44:16 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/23 19:06:22 | 002,383,728 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/09/23 19:05:04 | 001,011,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/23 09:51:48 | 000,439,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/09/23 09:51:42 | 000,722,288 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/09/10 10:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/04 17:04:02 | 001,898,000 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2009/06/04 17:02:04 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2009/06/04 17:01:30 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2009/06/02 14:23:34 | 001,232,896 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
PRC - [2009/06/02 09:38:38 | 000,112,144 | ---- | M] ( Pro-Softnet) -- C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/27 02:26:42 | 000,202,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server 2005\90\DTS\Binn\MsDtsSrvr.exe
PRC - [2009/04/29 13:53:32 | 000,274,432 | ---- | M] () -- C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
PRC - [2009/01/21 12:08:06 | 001,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 12:33:48 | 001,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/22 08:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2006/06/22 02:20:10 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 11:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/13 02:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/12/13 02:41:08 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/12/13 02:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/04 09:14:00 | 000,778,240 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\BlackICE\blackice.exe
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/10 08:35:16 | 000,073,728 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\CookiePatrol.exe
PRC - [2004/11/15 10:49:54 | 000,098,304 | ---- | M] (Computer Associates International) -- C:\Program Files\PestPatrol\PPControl.exe
PRC - [2004/10/13 00:10:53 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2004/09/09 12:38:04 | 001,229,430 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\BlackICE\blackd.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/04/02 14:11:54 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe
PRC - [2003/02/25 18:25:58 | 000,684,032 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\BlackICE\RapApp.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\system32\pikekise.dll
MOD - [2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\system32\miliyepa.dll
MOD - [2010/02/17 12:01:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woei Yu Choo\Desktop\OTL.exe
MOD - [2009/09/23 09:52:04 | 000,603,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/09/23 09:51:40 | 000,525,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2009/09/10 10:15:48 | 000,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 00:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/02/13 13:11:44 | 000,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/11/13 13:19:40 | 000,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2005/12/13 02:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Fipsp6rv)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/05 08:44:16 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/23 19:06:22 | 002,383,728 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/23 09:51:48 | 000,439,664 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/04 17:01:30 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2009/06/02 09:38:38 | 000,112,144 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$WIS_SQLS2005) SQL Server (WIS_SQLS2005)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/27 02:26:50 | 000,013,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$WIS_SQLS2005) SQL Server Reporting Services (WIS_SQLS2005)
SRV - [2009/05/27 02:26:46 | 014,950,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe -- (MSOLAP$WIS_SQLS2005) SQL Server Analysis Services (WIS_SQLS2005)
SRV - [2009/05/27 02:26:42 | 000,202,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server 2005\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2009/04/29 13:53:32 | 000,274,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe -- (Belkin Wifi Service)
SRV - [2009/01/21 12:08:06 | 001,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/18 09:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$WIS_SQLS2K\Binn\sqlservr.exe -- (MSSQL$WIS_SQLS2K)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,346,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLAgent$WIS_SQLS2005) SQL Server Agent (WIS_SQLS2005)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/30 09:36:30 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/06/22 08:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$WIS_SQLS2005) SQL Server FullText Search (WIS_SQLS2005)
SRV - [2007/06/09 23:20:40 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/02 05:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/07/03 12:36:48 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/07/03 11:17:04 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/06/22 02:20:10 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$WIS_SQLS2K\binn\sqlagent.exe -- (SQLAgent$WIS_SQLS2K)
SRV - [2004/10/13 00:10:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2004/09/09 12:38:04 | 001,229,430 | ---- | M] (Internet Security Systems, Inc.) [Auto | Running] -- C:\Program Files\ISS\BlackICE\blackd.exe -- (BlackICE)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/25 18:25:58 | 000,684,032 | ---- | M] (Internet Security Systems, Inc.) [Auto | Running] -- C:\Program Files\ISS\BlackICE\rapapp.exe -- (RapApp)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 09:41:00 | 000,592,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/09/23 19:05:06 | 000,482,696 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/09/23 09:51:34 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/09/23 09:51:34 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/03 10:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/29 11:01:28 | 000,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/15 17:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/12/02 02:10:00 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys -- (VSPerfDrv)
DRV - [2006/11/08 02:02:34 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2006/11/06 17:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/06/22 02:14:22 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/09 20:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 16:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 16:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/13 03:09:34 | 001,364,574 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/12/04 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 21:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/20 16:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 20:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 14:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/14 03:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 02:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 04:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/25 02:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/03/30 09:40:42 | 000,229,331 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\blackdrv.sys -- (black)
DRV - [2005/01/26 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/10 03:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 03:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 09:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFModNT.sys -- (PfModNT)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/10/24 15:57:04 | 000,104,968 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (RapDrv)
DRV - [2003/02/25 18:26:44 | 000,024,344 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/02/25 18:26:28 | 000,036,644 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1643994713-333915741-387064995-1005\S-1-5-21-1643994713-333915741-387064995-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.36.15
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/13 13:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2010/01/06 17:37:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/01/06 17:37:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 09:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 09:22:57 | 000,000,000 | ---D | M]

[2009/01/30 16:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Extensions
[2009/01/30 16:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/02/12 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Firefox\Profiles\ym4753pa.default\extensions
[2009/11/12 00:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Firefox\Profiles\ym4753pa.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/01/20 09:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Firefox\Profiles\ym4753pa.default\extensions\firebug@software.joehewitt.com
[2010/01/14 09:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Firefox\Profiles\ym4753pa.default\extensions\lazarus@interclue.com
[2007/05/13 22:32:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\Mozilla\Firefox\Profiles\ym4753pa.default\searchplugins\siteadvisor.xml
[2010/02/12 12:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/21 16:01:27 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/02/25 09:52:33 | 000,125,328 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2007/12/21 16:01:29 | 000,097,680 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/02/25 09:53:30 | 000,099,656 | ---- | M] (WebEx Communications, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\mwmcli.dll
[2007/12/21 16:01:23 | 000,060,304 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/01/26 22:36:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CookiePatrol] c:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKLM..\Run: [PestPatrol Control Center] c:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] c:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tubedokut] C:\WINDOWS\System32\pikekise.DLL ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe File not found
O4 - HKLM..\Run: [VSOCheckTask] C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1643994713-333915741-387064995-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe File not found
O4 - HKU\S-1-5-21-1643994713-333915741-387064995-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe (Belkin International, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe (Internet Security Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Woei Yu Choo\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1643994713-333915741-387064995-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..Trusted Domains: aol.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..Trusted Domains: internet ([]about in Internet)
O15 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1643994713-333915741-387064995-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1261160137437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1258991308046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\pikekise.dll) - C:\WINDOWS\system32\pikekise.dll ()
O20 - AppInit_DLLs: (miliyepa.dll) - C:\WINDOWS\System32\miliyepa.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: zujahivuk - {3cc7e42d-9735-4de1-a140-a4b266e0842b} - C:\WINDOWS\system32\pikekise.dll ()
O22 - SharedTaskScheduler: {3cc7e42d-9735-4de1-a140-a4b266e0842b} - kupuhivus - C:\WINDOWS\system32\pikekise.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Dell700#Drive_H\Shell - "" = AutoRun
O33 - MountPoints2\##Dell700#Drive_H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Dell700#Drive_H\Shell\AutoRun\command - "" = Z:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{0aad6e3a-8cd8-11de-80af-0015c57abe35}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{1c3c8c6e-1025-11df-8168-0015c57abe35}\Shell - "" = AutoRun
O33 - MountPoints2\{1c3c8c6e-1025-11df-8168-0015c57abe35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c3c8c6e-1025-11df-8168-0015c57abe35}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{31c14d74-e324-11dd-9f9f-0015c57abe35}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\{6186a14d-3a6f-11de-a009-0015c57abe35}\Shell\AutoRun\command - "" = F:\DPF_V211.exe -- File not found
O33 - MountPoints2\{8b398f7a-4757-11db-9a41-001422ae52d2}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\{b260a840-2179-11db-99f8-001422ae52d2}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 17:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "TapiSrv"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SQL Prompt.lnk - C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe - (Red Gate Software Ltd)
MsConfig - StartUpFolder: C:^Documents and Settings^Woei Yu Choo^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: ECenter - hkey= - key= - c:\dell\E-Center\gtb.exe File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
MsConfig - StartUpReg: IntelZeroConfig - hkey= - key= - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MimBoot - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe File not found
MsConfig - StartUpReg: QBReminderFlash - hkey= - key= - C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: VoiceCenter - hkey= - key= - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB937061)
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB973673)
ActiveX: {983F92EB-899B-0BD5-2A42-D2D21CD50B70} - Viewpoint Media Player
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB971090)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDBADC37-C1E6-383E-CE1A-01499A621CD3} - DirectAnimation
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU Service Pack 1 (KB926601)
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FE494EDB-EA76-4684-39A5-2D3D7D523EB6} - Viewpoint Media Player
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: aux4 - wdmaud.sys File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 12:36:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Woei Yu Choo\Desktop\OTL.exe
[2010/02/12 23:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Desktop\Outlook
[2010/02/12 12:37:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/12 12:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/12 12:37:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/12 12:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 17:21:46 | 000,000,000 | ---D | C] -- C:\Lop SD
[2010/02/09 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/09 16:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Desktop\SecTools
[2010/02/09 15:45:16 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Woei Yu Choo\Desktop\AdbeRdr930_en_US.exe
[2010/02/09 15:37:00 | 016,254,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Woei Yu Choo\Desktop\jre-6u18-windows-i586.exe
[2010/02/03 20:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 2
[2010/02/03 15:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2010/02/02 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\Western_Digital
[2010/02/02 13:38:32 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/02/02 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/02/02 13:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\Western DigitalTemp
[2010/02/02 13:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Western DigitalTemp
[2010/02/02 13:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/02 13:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Application Data\Western Digital
[2010/02/02 13:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/02/02 13:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\Western Digital
[2010/01/27 19:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/27 19:27:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/27 19:27:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/27 19:27:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/06 15:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/12/18 13:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2008/10/25 11:29:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/06/05 12:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2008/06/05 00:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/09/20 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/02 23:57:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/26 20:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
[2007/05/24 21:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/03/18 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2006/09/06 18:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2006/08/27 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/08/04 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/07/18 11:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/10 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/06/29 20:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2006/06/29 20:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Woei Yu Choo\My Documents\*.tmp files -> C:\Documents and Settings\Woei Yu Choo\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\pikekise.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\godobovo.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\finegefo.dll
[2099/01/01 12:00:00 | 000,062,464 | -HS- | M] () -- C:\WINDOWS\System32\zozefebe.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\yuhisona.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\wunipilo.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\tebudati.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\miliyepa.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | M] () -- C:\WINDOWS\System32\zusudupe.dll
[2099/01/01 12:00:00 | 000,051,720 | -HS- | M] () -- C:\WINDOWS\System32\nanehutu.exe
[2099/01/01 12:00:00 | 000,051,200 | -HS- | M] () -- C:\WINDOWS\System32\tukideka.exe
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yizimife.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yeyozoda.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\marokeru.dll
[2010/02/17 12:42:30 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kozasuru
[2010/02/17 12:11:49 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2010/02/17 12:11:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/17 12:08:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 12:08:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 12:08:11 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/17 12:01:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woei Yu Choo\Desktop\OTL.exe
[2010/02/16 03:17:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Woei Yu Choo\ntuser.ini
[2010/02/16 03:17:35 | 022,020,096 | -H-- | M] () -- C:\Documents and Settings\Woei Yu Choo\NTUSER.DAT
[2010/02/16 03:16:53 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\vpsuxmtm.job
[2010/02/16 02:01:31 | 004,821,432 | -H-- | M] () -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\IconCache.db
[2010/02/12 23:37:49 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wavokeju.dll
[2010/02/12 23:26:30 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/02/11 00:57:27 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\SmitfraudFix.exe
[2010/02/09 18:32:53 | 000,001,268 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\Attach.zip
[2010/02/09 18:23:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\defogger_reenable
[2010/02/09 15:47:00 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Woei Yu Choo\Desktop\AdbeRdr930_en_US.exe
[2010/02/09 15:37:49 | 016,254,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Woei Yu Choo\Desktop\jre-6u18-windows-i586.exe
[2010/02/09 09:00:04 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\{C0E49200-9214-41ED-B6D6-A5D6CB76C8DB}_INSPIRON-640M_Woei Yu Choo.job
[2010/02/08 19:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/08 02:06:00 | 000,000,099 | ---- | M] () -- C:\WINDOWS\Library.ini
[2010/02/06 00:52:32 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\MyPoints.xls
[2010/01/27 11:53:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/23 10:09:39 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\Schedule.xls
[2010/01/19 09:43:49 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/18 22:40:17 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/18 18:30:36 | 000,088,168 | ---- | M] () -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Woei Yu Choo\My Documents\*.tmp files -> C:\Documents and Settings\Woei Yu Choo\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\pikekise.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\godobovo.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\finegefo.dll
[2099/01/01 12:00:00 | 000,062,464 | -HS- | C] () -- C:\WINDOWS\System32\zozefebe.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yuhisona.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wunipilo.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\tebudati.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\miliyepa.dll
[2099/01/01 12:00:00 | 000,052,224 | -HS- | C] () -- C:\WINDOWS\System32\zusudupe.dll
[2099/01/01 12:00:00 | 000,051,720 | -HS- | C] () -- C:\WINDOWS\System32\nanehutu.exe
[2099/01/01 12:00:00 | 000,051,200 | -HS- | C] () -- C:\WINDOWS\System32\tukideka.exe
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yizimife.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yeyozoda.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\marokeru.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kozasuru
[2010/02/12 23:37:49 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wavokeju.dll
[2010/02/11 01:27:37 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\vpsuxmtm.job
[2010/02/11 00:57:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\SmitfraudFix.exe
[2010/02/09 18:32:53 | 000,001,268 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\Attach.zip
[2010/02/09 18:23:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\defogger_reenable
[2010/01/23 10:09:39 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Desktop\Schedule.xls
[2009/12/17 12:51:33 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/10/08 17:02:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/10/07 13:50:41 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/10/07 13:50:40 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/09/17 12:16:53 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2009/09/17 12:16:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/09/17 12:16:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2009/09/17 12:16:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/09/17 12:16:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2009/09/17 12:16:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2009/08/04 23:06:47 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/23 14:35:25 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/19 21:03:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2008/04/09 17:42:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\ContentCheckup.ini
[2008/02/21 00:39:16 | 000,010,650 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\DPG_firefox_test.html
[2007/11/04 12:19:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/16 15:12:14 | 000,581,590 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\fontlst2.opf
[2007/06/28 01:38:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/05/21 19:08:15 | 000,013,010 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\Comma Separated Values (Windows).CAL
[2007/04/23 20:23:00 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/06 12:49:51 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/02/06 12:49:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/01/25 21:18:47 | 000,399,872 | ---- | C] () -- C:\WINDOWS\c4dstand.dll
[2007/01/25 21:18:29 | 000,003,170 | ---- | C] () -- C:\WINDOWS\AppDev.ini
[2007/01/18 19:17:16 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\$_hpcst$.hpc
[2007/01/17 12:14:25 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\PFP120JPR.{PB
[2007/01/17 12:14:25 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\PFP120JCM.{PB
[2006/12/29 20:54:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\$_hpcst$.hpc
[2006/12/29 20:30:47 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/12/29 20:30:47 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/12/29 20:30:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/12/29 20:30:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/12/29 20:29:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/12/29 20:26:31 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/12/27 18:06:59 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/03 01:49:51 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/05 00:08:35 | 000,196,096 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/05 16:31:08 | 000,327,680 | R--- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[2006/07/03 23:16:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Application Data\dvd.bmk
[2006/07/02 01:50:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/07/02 01:48:45 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/07/02 01:48:44 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/07/02 01:46:55 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/07/02 01:46:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/07/02 01:46:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/07/02 00:16:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/01 16:59:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys
[2006/06/29 20:48:25 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Woei Yu Choo\Local Settings\Application Data\fusioncache.dat
[2006/06/29 20:43:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/22 02:37:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/22 02:33:44 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/22 02:21:15 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/06/22 02:19:54 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/06/22 02:19:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/22 01:55:06 | 001,355,938 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/06/22 01:54:40 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/22 01:52:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/02 17:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/02/06 16:04:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\TRMPRO.DLL
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2003/03/11 08:29:10 | 001,388,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSVBVM60.DLL
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/18 15:24:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/18 15:24:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/18 15:24:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/18 15:24:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
< End of report >


Here is Extras.Txt
============

OTL Extras logfile created on: 2/17/2010 12:40:47 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Woei Yu Choo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.47 Gb Total Space | 12.57 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON-640M
Current User Name: Woei Yu Choo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\Maxtor\ManagerApp\MaxUtilities.exe" = C:\Program Files\Maxtor\ManagerApp\MaxUtilities.exe:*:Enabled:Maxtor EasyManage™ -- File not found
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\McAfee\MSC\mcuimgr.exe" = C:\Program Files\McAfee\MSC\mcuimgr.exe:*:Disabled:McAfee User Interface Manager -- File not found
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{17F6CD67-0E9D-4C4B-8F49-17F081092AE2}" = Better Homes and Gardens Interior Designer 7.0
"{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"{1BC21146-767D-427D-BC91-2AB88B5ECE73}" = eReader
"{1EE4800E-D7D9-40AA-81AE-3B257E3AD3EF}" = Vidpass Encoder
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005 (WIS_SQLS2005)
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 18
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services (WIS_SQLS2005)
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{4EFB800B-4BD5-4B10-AE72-03DA31834146}" = Infragistics NetAdvantage 2004 Vol. 2
"{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}" = Better Homes and Gardens Landscaping and Deck Designer 7.0
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E0E7843-AD3F-4B59-A653-1A51EE2EDDC3}" = Better Homes and Gardens Interior Designer 7.0 Training Videos
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64658686-0CD4-4CF6-983D-0A6BE32007DB}" = Business Complete Care Services Agreement
"{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professional 2.49
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A743C22-18A5-4839-A8F3-B7E420445241}" = Smtp.NET 3
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6E86E4B2-479F-48ED-8B98-76D500D071D2}" = RadControls Q1 2007
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76542EE3-5849-11D2-9C18-00609707C0FF}" = BlackICE
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8415F660-5FDC-4601-97DD-43A783600F4B}" = SQLXML4
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6CBEF0-7F31-4B83-B30E-8F2EF8AF0FA6}" = Better Homes and Gardens Landscaping and Deck Designer 7.0 Training Videos
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90550409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio for Enterprise Architects
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services (WIS_SQLS2005)
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FAEB5B2-4548-45AB-AC5B-510176BED53D}" = SQL Prompt
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Applian FLV Player2.0.24" = Applian FLV Player
"Artisteer" = Artisteer
"Artisteer 2" = Artisteer 2
"BurnInTest_is1" = BurnInTest v2.3 Standard
"camcodec" = CamStudio Lossless Codec
"CD - DVD Publishing Service" = CD - DVD Publishing Service
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"getPlus®_dll" = getPlus®_dll
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"IisUrlScan" = IIS UrlScan Tool 2.0 (Uninstall)
"Impact Web Audio_is1" = Impact Web Audio Light
"InstallShield_{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2000 (WIS_SQLS2K)" = Microsoft SQL Server 2000 (WIS_SQLS2K)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
"Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"ProInst" = Intel® PROSet/Wireless Software
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"Spyware Doctor" = Spyware Doctor 6.0
"Squeeze Buzz_is1" = Squeeze Buzz v2.0
"SqueezePageCreator_is1" = SqueezePageCreator v2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"TurboTax Business 2006" = TurboTax Business 2006
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual SourceSafe 6.0" = Microsoft Visual SourceSafe 6.0
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"VisualRoute" = VisualRoute
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox Phaser 860" = Xerox Phaser 860
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.4 June 04, 2009
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1643994713-333915741-387064995-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2010 1:34:20 PM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 2/16/2010 2:57:45 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 2/16/2010 2:57:45 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/16/2010 2:57:45 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/16/2010 2:57:45 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/16/2010 3:11:47 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 2/16/2010 3:11:48 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/16/2010 3:11:48 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/16/2010 3:11:48 AM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/17/2010 1:12:30 PM | Computer Name = INSPIRON-640M | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 2/16/2010 4:07:08 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:11 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:12 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:13 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:13 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:19 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:23 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:30 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:33 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/16/2010 4:07:33 AM | Computer Name = INSPIRON-640M | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


Thank you very much!

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:06 PM

Posted 17 February 2010 - 02:44 PM

Hi,

please run Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 eivac


Posted 17 February 2010 - 05:28 PM

Hi,

I encountered a problem when installing Malwarebytes Anti-Malware.

I downloaded it and clicked on mbam-setup.exe. I followed all the prompts faithfully, including selecting the language and accepting the agreement. But at the end of the installation, I got 2 pop-up window error messages.

+++++++++++++++
Unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.
+++++++++++++++

Clicking Okay in both situations leads me to the final screen where there is a "Finish" button. Clicking on that "Finish" button gave me 2 more pop-up window error messages.

+++++++++++++++
Unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.
+++++++++++++++

MBAM did not automatically start. And when I click on the shortcut link created on my desktop, it says it couldn't find the mbam.exe file.

I downloaded Malwarebytes Anti-Malware from the second mirror site and the same problems as described above happened.

Help?

#6 myrti


Posted 17 February 2010 - 05:43 PM

Hi,

Once you have installed Malwarebytes and get the error again, please download the following file: link
When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.

Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded. Malwarebytes will now start.

Please follow the instructions from my previous post from here on.

regards myrti



#7 eivac


Posted 20 February 2010 - 01:57 AM

The file you gave me above works. I can now scan with Malwarebytes.

It finished the scan successfully and found about 20 malware. There was no error when I clicked on "Remove Selected".

I was prompted to reboot to complete the removal of malware, which I did immediately. Again no problems whatsoever.

I downloaded the gmer file from the main mirror site. I disabled all active protection including BlackIce, ZoneAlarm and PestPatrol before running the application. There was no warning about any rootkit activity. It took about 5 to 7 hours to finish scanning.

When I clicked on the "Save" button to save the scan results, it seemed to hang. At first I thought it was slow but after leaving it for 3 hours, the computer still did not respond.

I did a cold boot. I reran the scan and this time I clicked on the "Copy" button, hoping to copy the results and save them in a text file. Again the same problem occurred. The computer did not respond.

Next I ran the gmer file in Safe mode. The first time it ran, the scan finished successfully. Unfortunately, since it was in Safe mode, the resolution of the screen defaulted to 800 by 600. I could not click on the "Save" button. While I was trying to hook up the screen to a bigger monitor so I could click the "Save" button, the gmer window closed without warning.

So once again I tried to run the gmer file in Safe mode but for the past 6 hours, it has stopped at cdfs.sys and never proceeded further. I seem to be stuck and unable to proceed further.

Below is the MBAM log file
==================

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/17/2010 7:08:50 PM
mbam-log-2010-02-17 (19-08-50).txt

Scan type: Quick Scan
Objects scanned: 161793
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\miliyepa.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wunipilo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3cc7e42d-9735-4de1-a140-a4b266e0842b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tubedokut (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3cc7e42d-9735-4de1-a140-a4b266e0842b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zujahivuk (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: wunipilo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pikekise.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pikekise.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\finegefo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\godobovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\marokeru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miliyepa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tebudati.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wavokeju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wunipilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yeyozoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yizimife.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuhisona.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zozefebe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zusudupe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nanehutu.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Woei Yu Choo\Local Settings\temp\n.exn (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Woei Yu Choo\Local Settings\Temporary Internet Files\Content.IE5\3YFFVLBQ\load[1].php (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Woei Yu Choo\Local Settings\Temporary Internet Files\Content.IE5\TWLJ648R\default[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.






Thank you so much for your help.

Cheers,

Edited by eivac, 20 February 2010 - 01:58 AM.


#8 myrti


Posted 20 February 2010 - 07:55 AM

Hi,

please try running RootRepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

How is your PC doing? Are you getting redirected? Popups?

regards myrti



#9 eivac


Posted 22 February 2010 - 05:20 PM

Hi,

Thanks for such prompt reply.

I have downloaded the RootRepeal and click on the application.

Unfortunately, all I see is a window with the words "Initiating, please wait".

After waiting for 3 hours, I have a pop up message from windows ...

==========
Windows - Virtual Memory Minimum Too Low
Your system is low on virtual memory. Windows is increasing the size of your virtual paging file.
During this process, memory requests for some applications may be denied. For more information, see Help.
==========


I reboot my machine and the same problem occurred.

Your questions about how my PC is doing got me thinking.

My computer never had the problem of redirection but I did get a lot of pop up from BlackIce and slows down my computer to a standstill. Now I am happy to say I don't.

I have been running other scans and see if everything is okay. So far everything is clear.

I also ran the Malwarebytes' Anti-Malware scan and found another 10 malware. I removed the Malware via the button and ran the application once again. So far, I am clean.

I like to think my computer is clean. But the fact that I was unable to initialize the RootRepeal application and neither was I able to successfully run the GMER program has me quite concerned. Is this normal? Below are the log files I have for Malwarebytes' Anti-Malware.

Should I take it that everything is okay and move on?

Thank you so much for your help!!!!






Below is the log for the first Malware scan
++++++++
Malwarebytes' Anti-Malware 1.44
Database version: 3770
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2010 4:27:17 PM
mbam-log-2010-02-21 (16-27-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 426243
Time elapsed: 4 hour(s), 50 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1149\A0337234.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1149\A0337235.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1149\A0338243.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338527.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338528.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338532.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338534.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338535.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338536.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1154\A0338547.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

++++++++++++


Below is the log for the second Malware scan
++++++++
Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/22/2010 12:37:38 AM
mbam-log-2010-02-22 (00-37-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 426526
Time elapsed: 2 hour(s), 53 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
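The following is an added example, not part of the original posts and not Malwarebytes' own tooling: a small Python parser for the MBAM 1.44 log layout posted in this thread. It counts detections per family, lists objects still marked "Delete on reboot", maps registry detections to the autostart point they abuse, and separates System Restore copies. The sample is an excerpt of lines taken from the two logs above; the function names and the autostart labels are this example's own.

```python
import re
from collections import Counter

# Excerpt assembled from the MBAM logs posted in this thread (shortened).
SAMPLE_LOG = r"""
Memory Modules Infected: 3
Memory Modules Infected:
c:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tubedokut (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: wunipilo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pikekise.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zusudupe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1149\A0337234.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 17" is only a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# <object> (<family>) -> [detail -> ...] <action>
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")

# Lower-cased registry path fragments for the autostart points seen in the log.
AUTOSTART_POINTS = {
    "\\currentversion\\run\\": "Run key",
    "\\currentversion\\windows\\appinit_dlls": "AppInit_DLLs",
    "\\control\\lsa\\notification packages": "LSA Notification Packages",
    "\\explorer\\sharedtaskscheduler\\": "SharedTaskScheduler",
    "\\shellserviceobjectdelayload\\": "ShellServiceObjectDelayLoad",
}


def parse_mbam_log(text):
    """Return one dict per detection row, tagged with the section it was listed in."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        hit = DETECTION_RE.match(line)
        if section and hit:
            # Everything between the family and the final action is detail text.
            *details, action = hit.group("rest").split(" -> ")
            detections.append({
                "section": section,
                "object": hit.group("object"),
                "family": hit.group("family"),
                "details": details,
                "action": action.rstrip("."),
            })
    return detections


def triage(detections):
    """Group detections into the questions a helper asks when reading the log."""
    report = {"by_family": Counter(), "pending_reboot": [],
              "autostart": [], "restore_point_copies": []}
    seen_pending = set()
    for d in detections:
        obj = d["object"].lower()
        report["by_family"][d["family"]] += 1  # counts log rows, not unique files
        # The same DLL can appear as a memory module and as a file; list it once.
        if d["action"].lower() == "delete on reboot" and obj not in seen_pending:
            seen_pending.add(obj)
            report["pending_reboot"].append(d["object"])
        if d["section"].startswith("Registry"):
            payload = next((x[len("Data: "):] for x in d["details"]
                            if x.startswith("Data: ")), None)
            for fragment, label in AUTOSTART_POINTS.items():
                if fragment in obj:
                    report["autostart"].append((label, d["object"], payload))
                    break
        if "\\system volume information\\_restore" in obj:
            report["restore_point_copies"].append(d["object"])
    return report


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    print(dict(result["by_family"]))
    print("Reboot needed to finish removal of:", result["pending_reboot"])
    for label, key, payload in result["autostart"]:
        print(f"{label}: {key} -> {payload}")
    print("System Restore copies:", len(result["restore_point_copies"]))
```

Objects listed under "pending_reboot" are the ones that a follow-up scan after a normal restart should no longer report; detections under System Volume Information are stored restore-point copies rather than loaded modules.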


#10 myrti


Posted 22 February 2010 - 06:29 PM

Hi,

have you tried running gmer in safe mode? Do you ever see the menu bar of rootrepeal or does it stop initializing before that?

Rootkit scanners have to be very sensitive, sometimes they will not like a given (legit) program or some hardware configuration and won't run. If both rootrepeal and gmer won't run, we'll try different scanners. Right now it doesn't worry me too much.


regards myrti



#11 eivac


Posted 22 February 2010 - 07:00 PM

Yes, I did try to run GMER in safe mode twice but alas both times the computer stalled.

No, I did not even get a chance to see the menu bar of rootrepeal. It just shows the initializing window and that is it.


I would be happy to run another scan if it means it could root out more hidden pest. Could you suggest another scanner?

Thanks ...

Cheers,

#12 myrti


Posted 22 February 2010 - 07:06 PM

Hi,

then please try running Sophos ARK:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#13 eivac

  • Topic Starter

Posted 22 February 2010 - 10:28 PM

I had successfully completed the Sophos Anti-rootkit.

It turns out there was no file recommended to be removed.

Below is the log file.

Do I take it that my computer passed with flying colors???

Cheers



Sophos Log file
+++++++++++++
Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2/22/2010 at 19:58:40 PM
User "Woei Yu Choo" on computer "INSPIRON-640M"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\i386\btpanui.dll
Hidden: file C:\i386\camocx.dll
Hidden: file C:\i386\capesnpn.dll
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1043\sqlse.rll
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\eula.txt
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\finalsql2005information.rtf
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\hotfix.rll
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\sqlhotfix.chm
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\sqlse.rll
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Norstreet Lending and Financial Services.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Envision Lending Group Learn.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Norstreet Lending & Financial Services, Inc.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \National Registered Agents, Inc.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Mississippi Development Authority.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Registered Agent List.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Favorites\Old Business\Real Estate\Mississippi \Limited Liability Company (LLC) - Form an LLC - Incorporating a Business LLC.com.URL
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Bonus-Ecourses\Home-Biz-Newsletter-Course.zip
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Buttons\flat-close-black.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Buttons\flat-close-white.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\card-envelope.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\corkboard.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\coupon.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\money.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\paper.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\post-it.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\BMP\taped-up-paper.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\card-envelope.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\corkboard.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\coupon.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\money.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\paper.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\post-it.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\taped-up-paper.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\card-envelope.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\corkboard.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\coupon.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\money.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\paper.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\post-it.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\PSD\taped-up-paper.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\PictoPopup-Pics\PictoPopup-Pics\PictoPopupsPics\GIF\Thumbs.db
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\click-me.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\close-btn.psd
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\in-a-hurry.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\insie-outsie.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\now-you-see-me.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\opening-auto-pop.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\picto-with-optin-btns.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\postit-close-btn.bmp
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\post-it-example.gif
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\simple-but-effective.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\simple-white-dashed.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\soccer-ball-with-close-link.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\soccer-ball-with-close-link-Tutorial.txt
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\the-classic.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\ultra-pressure.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\ultra-pressure-Tutorial.txt
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\DynamicPopupGenerator\DynamicPopupGenerator3-Complete-Package\DynamicPopupGenerator3-Complete-Package\DPG-Core-Files\Popup-Templates\Popup-Templates\postit.dpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-aqua.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-black.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-blue.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-lime.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-orange.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-pink.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-purple.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-red.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-silver.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedchecks\bullet-roundedchecks-yellow.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-aqua.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-black.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-blue.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-lime.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-orange.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-pink.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-purple.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-red.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-silver.jpg
Hidden: file C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\GraphicsMavericks-UltimateGraphicsPack\GraphicsMavericks-UltimateGraphicsPack\graphicspack\bullets (90)\rounded-bullets (50)\roundedplain\bullet-roundedplain-yellow.jpg
Hidden: file C:\Documents and Settings\All Users\Start Menu\Programs\Belkin\Wireless USB Adapter \Belkin Wireless Networking Utility.lnk
Stopped logging on 2/22/2010 at 21:31:00 PM

Edited by eivac, 22 February 2010 - 10:29 PM.
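One way to triage a sarscan.log like the one posted above, as an added example that is not part of the original posts or of Sophos's tooling. It checks that all scan stages ran and the log was closed, then orders the "Hidden:" entries so loadable-code files are read before data files; the bucket names, the extension list, the load-directory list and the sample log lines are assumptions of this example, and the buckets only set reading order, they are not a verdict.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import Counter, namedtuple

Hidden = namedtuple("Hidden", "kind path bucket")

# Assumptions of this example (not Sophos's classification):
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx", ".drv"}
LOAD_DIRS = ("\\windows\\system32\\",)  # includes system32\drivers
ORDER = {"review-first": 0, "review": 1, "data": 2}

STAGE_RE = re.compile(r"^Info:\s+Starting (\w+) scan")
# "Hidden: file <path>" is the only entry shape seen in the posted log;
# other kinds are assumed to follow the same "Hidden: <kind> <item>" shape.
HIDDEN_RE = re.compile(r"^Hidden:\s+(\w+)\s+(.+)$")

# Constructed sample in the format of the posted log (paths are made up).
SAMPLE_LOG = r"""
Started logging on 2/22/2010 at 19:58:40 PM
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\i386\camocx.dll
Hidden: file C:\WINDOWS\RS9_KB933508_ENU\1046\eula.txt
Hidden: file C:\Documents and Settings\user\Favorites\Example \Registered Agent List.URL
Hidden: file C:\Documents and Settings\user\Desktop\Graphics\coupon.bmp
Hidden: file C:\WINDOWS\system32\drivers\example.sys
Stopped logging on 2/22/2010 at 21:31:00 PM
"""


def bucket_for(kind, path):
    """Assign a reading-order bucket to one hidden item."""
    if kind != "file":
        return "review"  # hidden non-file items always get a manual look
    ext = ntpath.splitext(path)[1].lower()
    if ext not in CODE_EXTS:
        return "data"
    in_load_dir = any(d in path.lower() for d in LOAD_DIRS)
    return "review-first" if in_load_dir else "review"


def summarize(text):
    """Parse a sarscan.log and return stages, completeness and ordered entries."""
    stages, hidden, complete = [], [], False
    for line in text.splitlines():
        stage = STAGE_RE.match(line)
        if stage:
            stages.append(stage.group(1))
            continue
        item = HIDDEN_RE.match(line)
        if item:
            kind, path = item.group(1), item.group(2).rstrip()
            hidden.append(Hidden(kind, path, bucket_for(kind, path)))
        elif line.startswith("Stopped logging"):
            complete = True  # scan ran to the end; a cut-off log proves little
    # sorted() is stable, so log order is kept inside each bucket
    ordered = sorted(hidden, key=lambda h: ORDER[h.bucket])
    return {
        "stages": stages,
        "complete": complete,
        "counts": dict(Counter(h.bucket for h in hidden)),
        "ordered": ordered,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("stages:", report["stages"], "complete:", report["complete"])
    print("counts:", report["counts"])
    for entry in report["ordered"]:
        print(f"{entry.bucket:12} {entry.path}")
```
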


#14 myrti

  • Malware Study Hall Admin

Posted 26 February 2010 - 03:54 AM

Hi,

this is looking good, how is your PC doing? It indeed looks like you are not infected with a rootkit!

Please run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#15 eivac

  • Topic Starter

Posted 02 March 2010 - 05:46 PM

Hi,

I ran Eset successfully.

Below is the log file for threats removed. But the first 18 files are my own personal files which I am very sure are safe.

Once again, thank you so much for helping

Cheers,
WY

C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\AutoYahooSetup.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\AutoYahooSetup.zip probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\B2EBloggerSetup.exe probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\B2EBloggerSetup.zip probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\CraigsListGeniusSetup.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\CraigsListGeniusSetup.zip probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\DrupalBloggerSetup.exe probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\DrupalBloggerSetup.zip probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\ProxyGeniusSetup.exe probably a variant of Win32/PSW.OnLineGames trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\ProxyGeniusSetup.zip probably a variant of Win32/PSW.OnLineGames trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\ShoutBoxSubmitterSetup.exe probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\ShoutBoxSubmitterSetup.zip probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\StealthAdvertiserSetup.exe probably a variant of Win32/PSW.OnLineGames trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\StealthAdvertiserSetup.zip probably a variant of Win32/PSW.OnLineGames trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\WordPressBloggerSetup.exe probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\WordPressBloggerSetup.zip probably a variant of Win32/TrojanDownloader.Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\YouTubeGeniusSetup.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Desktop\Graphics\Graphics To Be Filed\Rights_Download\Non_Graphics\CloakerBuzz\YouTubeGeniusSetup.zip probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Woei Yu Choo\Local Settings\temp\ibTH.exe a variant of Win32/Kryptik.CSB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Woei Yu Choo\Local Settings\Temporary Internet Files\Content.IE5\TWLJ648R\z002102807r0409R4a7a48c4X9a73f3eaYd1fb6cd8Z03008f35316P000001070[1] a variant of Win32/Kryptik.CSB trojan cleaned by deleting - quarantined
C:\Installation Disks\Pest Patrol\Pest Patrol.zip probably unknown NewHeur_PE virus deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\HgQsBJjl.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\HgQsBJjl.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined






