newcomer_egy
2009-01-30, 23:15
I think that D:\Mail_Amal\19-9-2006.pst is a file that was created for my Outlook emails from my previous job. Nothing that needs to be saved now.
So are those two viruses harmless then?
The missing files were unbelievable... I was saving all my documents to back them up when all these funny things started to happen and did some housekeeping too. I have now found the missing files somewhere else :oops: But the formatting change is a fact; I have been saving files with part of the text in Arial 10 and the rest in Times Roman in larger fonts, and when I open them the parts that were in Arial are in Times New Roman 10! The ones I did today seem to have opened as I saved them.
Here are the OTS scan results:
OTScanIt2 logfile created on: 30/01/2009 22:36:34 - Run 2
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Amal\Desktop\Malware problem\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.48 Mb Total Physical Memory | 107.32 Mb Available Physical Memory | 21.66% Memory free
1.13 Gb Paging File | 0.73 Gb Available in Paging File | 64.98% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 13.03 Gb Free Space | 66.72% Space Free | Partition Type: NTFS
Drive D: | 27.83 Gb Total Space | 16.96 Gb Free Space | 60.95% Space Free | Partition Type: NTFS
Drive E: | 27.13 Gb Total Space | 24.57 Gb Free Space | 90.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMAL
Current User Name: Amal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
athan.exe -> %ProgramFiles%\Athan\Athan.exe -> [2008/08/18 04:03:39 | 01,069,056 | ---- | M] (www.IslamicFinder.org)
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 22:47:19 | 00,151,297 | ---- | M] (Avira GmbH)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/23 18:02:02 | 00,307,704 | ---- | M] (Mozilla Corporation)
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> [2005/07/15 23:48:33 | 00,479,232 | ---- | M] (Google Inc.)
groovemonitor.exe -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe -> [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2004/10/08 02:27:22 | 00,126,976 | R--- | M] (Intel Corporation)
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> [2004/10/08 02:31:26 | 00,155,648 | R--- | M] (Intel Corporation)
lclock.exe -> %ProgramFiles%\LClock\LClock.exe -> [2004/09/20 00:27:46 | 00,065,536 | ---- | M] ()
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2003/12/08 14:38:52 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc)
msscli.exe -> %ProgramFiles%\McAfee\McAfee AntiSpyware\Msscli.exe -> [2004/01/16 00:00:00 | 00,114,688 | ---- | M] (Network Associates, Inc.)
msssrv.exe -> %ProgramFiles%\McAfee\McAfee AntiSpyware\Msssrv.exe -> [2004/01/16 00:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.)
otscanit2.exe -> %UserProfile%\Desktop\Malware problem\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
pronomgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> [2003/03/11 15:24:40 | 00,086,016 | ---- | M] (Intel(R) Corporation)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/11/27 09:15:11 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 22:47:27 | 00,068,865 | ---- | M] (Avira GmbH)
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005/04/02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software)
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [2008/08/04 01:02:20 | 00,036,352 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004/08/14 14:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2009/01/08 19:38:10 | 04,363,504 | ---- | M] (Yahoo! Inc.)
[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/06/24 23:39:59 | 00,069,632 | ---- | M] (Adobe Systems)
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 22:47:27 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 22:47:19 | 00,151,297 | ---- | M] (Avira GmbH)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
(McAfeeAntiSpyware) McAfee AntiSpyware Real-Time Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\McAfee AntiSpyware\Msssrv.exe -> [2004/01/16 00:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.)
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> [2003/08/21 17:06:56 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel(R) Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> [2005/04/02 00:51:48 | 00,217,600 | ---- | M] (Rocket Division Software)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/05/09 20:03:00 | 00,823,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/04/11 13:26:56 | 00,054,272 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AFS2K.SYS -> [2008/06/24 20:45:04 | 00,082,380 | ---- | M] (Oak Technology Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> [2005/12/16 12:50:30 | 03,842,560 | R--- | M] (Realtek Semiconductor Corp.)
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/11/26 09:53:56 | 00,075,072 | ---- | M] (Avira GmbH)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2003/03/04 05:56:26 | 00,145,408 | R--- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2004/10/08 02:54:56 | 00,752,093 | R--- | M] (Intel Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/14 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/03/08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2004/08/14 14:00:00 | 00,027,440 | ---- | M] ()
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(Vax347b) Vax347b [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347b.sys -> [2005/04/25 09:43:58 | 00,159,616 | ---- | M] ( )
(Vax347s) Vax347s [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347s.sys -> [2004/04/30 08:33:00 | 00,005,248 | ---- | M] ( )
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/14 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.islamonline.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/keyword/%s ->
HKEY_CURRENT_USER\: SearchURL\\" " -> + ->
HKEY_CURRENT_USER\: SearchURL\\"#" -> %23 ->
HKEY_CURRENT_USER\: SearchURL\\"&" -> %26 ->
HKEY_CURRENT_USER\: SearchURL\\"?" -> %3F ->
HKEY_CURRENT_USER\: SearchURL\\"+" -> %2B ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 12:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Amal\Application Data\Mozilla\FireFox\Profiles\5jit80nb.default\prefs.js ->
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://my.yahoo.com" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> filtersetg@updater:0.3.1.3 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1 ->
extensions.enabledItems -> uploader@adblockfilters.mozdev.org:1.5+ ->
extensions.enabledItems -> ar@dictionaries.addons.mozilla.org:2.0.20080110 ->
extensions.enabledItems -> en-GB@dictionaries.addons.mozilla.org:1.19 ->
extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} [HKLM] -> %ProgramFiles%\DAP\DAPBHO.dll [DAPHelper Class] -> [2008/08/23 07:15:26 | 00,098,304 | ---- | M] (Speedbit Ltd.)
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 12:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/12/18 03:16:41 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> [2005/05/31 01:04:00 | 00,853,672 | ---- | M] (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/26 23:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 12:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
"{62999427-33FC-4baf-9C9C-BCE6BD127F08}" [HKLM] -> %ProgramFiles%\DAP\DAPIEBar.dll [DAP Bar] -> [2008/08/23 07:15:26 | 00,405,504 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 12:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 12:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"_AntiSpyware" -> %ProgramFiles%\McAfee\McAfee AntiSpyware\Msscli.exe [C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe] -> [2004/01/16 00:00:00 | 00,114,688 | ---- | M] (Network Associates, Inc.)
"Athan" -> %ProgramFiles%\Athan\Athan.exe [C:\Program Files\Athan\Athan.exe] -> [2008/08/18 04:03:39 | 01,069,056 | ---- | M] (www.IslamicFinder.org)
"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
"GrooveMonitor" -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
"HotKeysCmds" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2004/10/08 02:27:22 | 00,126,976 | R--- | M] (Intel Corporation)
"IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2004/10/08 02:31:26 | 00,155,648 | R--- | M] (Intel Corporation)
"LClock" -> %ProgramFiles%\LClock\LClock.exe [C:\Program Files\LClock\LClock.exe] -> [2004/09/20 00:27:46 | 00,065,536 | ---- | M] ()
"MCAgentExe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> [2003/12/08 14:38:52 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc)
"MCUpdateExe" -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe [C:\PROGRA~1\mcafee.com\agent\McUpdate.exe] -> [2003/11/20 19:04:30 | 00,180,224 | ---- | M] (Networks Associates Technology, Inc)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | R--- | M] (Ahead Software Gmbh)
"PRONoMgr.exe" -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe [C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] -> [2003/03/11 15:24:40 | 00,086,016 | ---- | M] (Intel(R) Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2008/11/27 09:15:11 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2008/08/04 01:02:20 | 00,036,352 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/01/08 19:38:10 | 04,363,504 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Amal Startup Folder > -> C:\Documents and Settings\Amal\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoRemoteRecursiveEvents" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"NoInternetOpenWith" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"ClearRecentDocsOnExit" -> [1] -> File not found
\\"NoSMBalloonTip" -> [0] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
\\"NoSMHelp" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm [C:\PROGRA~1\DAP\dapextie.htm] -> [2008/08/23 07:15:26 | 00,001,132 | ---- | M] ()
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm [C:\PROGRA~1\DAP\dapextie2.htm] -> [2008/08/23 07:15:26 | 00,000,347 | ---- | M] ()
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000] -> [2006/10/27 14:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{669695BC-A811-4A9D-8CDF-BA8C795F261C}:Exec [HKLM] -> %ProgramFiles%\DAP\DAP.exe [Button: Run DAP] -> [2008/08/23 07:15:26 | 01,254,400 | ---- | M] (Speedbit Ltd.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Button: Yahoo! Messenger] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Menu: Yahoo! Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{669695BC-A811-4A9D-8CDF-BA8C795F261C}" [HKLM] -> %ProgramFiles%\DAP\DAP.exe [Run DAP] -> [2008/08/23 07:15:26 | 01,254,400 | ---- | M] (Speedbit Ltd.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/01/08 19:38:10 | 04,363,504 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5325 domain(s) found. ->
internet .[about] -> Trusted sites ->
mcafee.com .[http] -> Trusted sites ->
mcafee.com .[https] -> Trusted sites ->
114 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{966BD168-1E47-446C-B30B-EA5C6E5D6A8E} -> (Intel(R) PRO/100 VE Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> [2006/07/05 08:04:16 | 01,707,008 | ---- | M] (Stacey Reid Concepts)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2004/10/08 02:27:00 | 00,344,064 | R--- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/26 23:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" [HKLM] -> %ProgramFiles%\McAfee\McAfee AntiSpyware\MssShell.dll [McAfee AntiSpyware Shell Extension] -> [2004/01/16 00:00:00 | 00,086,016 | ---- | M] (Network Associates, Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/14 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe" -> C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Start Avira AntiVir Personal] -> [2008/06/26 09:55:59 | 00,356,609 | ---- | M] (Avira GmbH)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 14:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 14:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook] -> [2006/10/27 14:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 14:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy] -> [2005/05/31 01:04:00 | 04,393,096 | ---- | M] (Safer Networking Limited)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/01/08 19:38:10 | 04,363,504 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2004/08/14 14:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> [2004/08/14 14:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2004/08/14 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/14 14:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/06/24 19:21:05 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Recent -> %UserProfile%\Recent -> [2009/01/30 22:07:05 | 00,000,000 | RH-D | C]
MCQ Files -> %UserProfile%\Desktop\MCQ Files -> [2009/01/28 21:28:47 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2009/01/28 13:32:01 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/01/28 11:06:39 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/28 11:06:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/28 11:06:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/01/28 11:06:12 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/01/28 11:06:11 | 00,000,000 | ---D | C]
Latest Mobile files (2).lnk -> %UserProfile%\Desktop\Latest Mobile files (2).lnk -> [2009/01/25 10:14:16 | 00,000,657 | ---- | C] ()
Readiris.DUS -> %UserProfile%\My Documents\Readiris.DUS -> [2009/01/24 20:26:45 | 00,235,110 | ---- | C] ()
Post 22.1.09.lnk -> %UserProfile%\Desktop\Post 22.1.09.lnk -> [2009/01/22 20:15:57 | 00,000,476 | ---- | C] ()
QuickTime -> %ProgramFiles%\QuickTime -> [2009/01/22 10:18:59 | 00,000,000 | ---D | C]
Malware problem -> %UserProfile%\Desktop\Malware problem -> [2009/01/21 21:53:58 | 00,000,000 | ---D | C]
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/01/21 21:25:09 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/01/21 21:05:34 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/01/21 21:04:49 | 00,000,767 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/01/21 21:03:40 | 00,000,000 | ---D | C]
Talkback -> %AppData%\Talkback -> [2009/01/21 11:45:01 | 00,000,000 | ---D | C]
DllCache -> %SystemRoot%\System32\DllCache -> [2009/01/21 06:53:57 | 00,000,000 | ---D | C]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [2009/01/20 20:01:35 | 00,000,000 | -H-D | C]
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2009/01/20 20:00:29 | 00,332,800 | ---- | C] (Microsoft Corporation)
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [2009/01/20 15:44:52 | 00,000,000 | ---D | C]
Yahoo! -> %AppData%\Yahoo! -> [2009/01/20 15:44:52 | 00,000,000 | ---D | C]
DIC32 -> %ProgramFiles%\DIC32 -> [2009/01/20 10:51:36 | 00,000,000 | ---D | C]
Ahead -> %AppData%\Ahead -> [2009/01/20 09:54:02 | 00,000,000 | ---D | C]
TwnLib20.dll -> %SystemRoot%\System32\TwnLib20.dll -> [2009/01/20 09:49:51 | 00,106,496 | R--- | C] (Pegasus Software)
picn20.dll -> %SystemRoot%\System32\picn20.dll -> [2009/01/20 09:49:39 | 00,038,912 | ---- | C] (Pegasus Imaging Corp.)
imagr5.dll -> %SystemRoot%\System32\imagr5.dll -> [2009/01/20 09:49:35 | 00,569,344 | ---- | C] (Pegasus Software,LLC)
imagx5.dll -> %SystemRoot%\System32\imagx5.dll -> [2009/01/20 09:49:35 | 00,544,768 | ---- | C] (Pegasus Software, LLC)
ImagXpr5.dll -> %SystemRoot%\System32\ImagXpr5.dll -> [2009/01/20 09:49:34 | 00,283,920 | ---- | C] (Pegasus Software, LLC)
NeroCheck.exe -> %SystemRoot%\System32\NeroCheck.exe -> [2009/01/20 09:49:30 | 00,155,648 | R--- | C] (Ahead Software Gmbh)
Ahead -> %CommonProgramFiles%\Ahead -> [2009/01/20 09:49:30 | 00,000,000 | ---D | C]
Ahead -> %ProgramFiles%\Ahead -> [2009/01/20 09:49:23 | 00,000,000 | ---D | C]
Coaching.lnk -> %UserProfile%\Desktop\Coaching.lnk -> [2009/01/19 19:39:17 | 00,000,432 | ---- | C] ()
CoachAmal.xmind.lnk -> %UserProfile%\Desktop\CoachAmal.xmind.lnk -> [2009/01/19 19:38:34 | 00,000,646 | ---- | C] ()
UK resettlement.lnk -> %UserProfile%\Desktop\UK resettlement.lnk -> [2009/01/19 19:20:19 | 00,000,541 | ---- | C] ()
Misc. Support Library (Spybot - Search & Destroy) -> %ProgramFiles%\Misc. Support Library (Spybot - Search & Destroy) -> [2009/01/19 13:16:07 | 00,000,000 | ---D | C]
File Scanner Library (Spybot - Search & Destroy) -> %ProgramFiles%\File Scanner Library (Spybot - Search & Destroy) -> [2009/01/19 13:16:07 | 00,000,000 | ---D | C]
McAfee.com Update Check (AMAL-Amal).job -> %SystemRoot%\tasks\McAfee.com Update Check (AMAL-Amal).job -> [2009/01/19 09:51:48 | 00,000,492 | ---- | C] ()
McAfee -> %ProgramFiles%\McAfee -> [2009/01/19 09:48:14 | 00,000,000 | ---D | C]
McAfee -> %CommonProgramFiles%\McAfee -> [2009/01/19 09:48:14 | 00,000,000 | ---D | C]
why coaching.doc -> %UserProfile%\Desktop\why coaching.doc -> [2009/01/17 15:56:50 | 00,028,672 | ---- | C] ()
mcafee antispyware.job -> %SystemRoot%\tasks\mcafee antispyware.job -> [2009/01/17 13:23:33 | 00,000,360 | ---- | C] ()
McAfee(2) -> %ProgramFiles%\McAfee(2) -> [2009/01/17 13:23:06 | 00,000,000 | ---D | C]
Config.Msi -> %SystemDrive%\Config.Msi -> [2009/01/17 13:22:56 | 00,000,000 | -HSD | C]
XMind -> %AppData%\XMind -> [2009/01/16 17:03:00 | 00,000,000 | ---D | C]
XMind -> %ProgramFiles%\XMind -> [2009/01/16 16:57:15 | 00,000,000 | ---D | C]
SBSolutions -> %CommonProgramFiles%\SBSolutions -> [2009/01/09 09:10:51 | 00,000,000 | ---D | C]
eWriterPro -> %ProgramFiles%\eWriterPro -> [2009/01/09 09:03:13 | 00,000,000 | ---D | C]
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/09 09:01:55 | 04,718,592 | ---- | C] ()
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [2009/01/09 09:01:33 | 00,000,000 | ---D | C]
eBookPro6 -> %AppData%\eBookPro6 -> [2009/01/04 22:45:57 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
74 C:\Documents and Settings\Amal\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Amal\Local Settings\Temp\*.tmp ->
74 C:\Documents and Settings\Amal\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Amal\Local Settings\Temp\*.tmp ->
McAfee.com Update Check (AMAL-Amal).job -> %SystemRoot%\tasks\McAfee.com Update Check (AMAL-Amal).job -> [2009/01/30 22:37:00 | 00,000,492 | ---- | M] ()
Perflib_Perfdata_7e4.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_7e4.dat -> [2009/01/30 22:07:21 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/30 22:07:05 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/30 22:07:01 | 00,002,048 | --S- | M] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/30 18:07:33 | 04,718,592 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/30 18:07:20 | 00,000,178 | -HS- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Amal\engine\bases\sfdb.dat -> [2009/01/29 17:08:11 | 00,000,084 | ---- | M] ()
kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\kosglue-7.0.25.0.dll -> [2009/01/29 15:31:32 | 00,729,152 | ---- | M] (Kaspersky Lab)
prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\prLoader.dll -> [2009/01/29 15:31:31 | 00,184,320 | ---- | M] (Kaspersky Lab)
prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\prremote.dll -> [2009/01/29 15:31:31 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\msvcr80.dll -> [2009/01/29 15:31:30 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\msvcp80.dll -> [2009/01/29 15:31:30 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\kave.dll -> [2009/01/29 15:31:29 | 00,282,624 | ---- | M] (Kaspersky Lab.)
ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\ikave.dll -> [2009/01/29 15:31:29 | 00,065,536 | ---- | M] ()
ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\ScanningProcess.exe -> [2009/01/29 15:31:26 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\FSSync.dll -> [2009/01/29 15:31:25 | 00,038,400 | ---- | M] (Kaspersky Lab)
msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Amal\binaries\msvcm80.dll -> [2009/01/29 15:31:24 | 00,479,232 | ---- | M] (Microsoft Corporation)
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/01/29 09:45:20 | 00,000,284 | ---- | M] ()
Latest Mobile files (2).lnk -> %UserProfile%\Desktop\Latest Mobile files (2).lnk -> [2009/01/25 10:14:16 | 00,000,657 | ---- | M] ()
Readiris.DUS -> %UserProfile%\My Documents\Readiris.DUS -> [2009/01/24 23:51:04 | 00,235,110 | ---- | M] ()
Post 22.1.09.lnk -> %UserProfile%\Desktop\Post 22.1.09.lnk -> [2009/01/22 20:15:57 | 00,000,476 | ---- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/01/21 21:04:49 | 00,000,767 | ---- | M] ()
Coaching.lnk -> %UserProfile%\Desktop\Coaching.lnk -> [2009/01/20 15:39:01 | 00,000,432 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/20 15:17:59 | 00,009,728 | ---- | M] ()
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [2009/01/20 15:07:55 | 00,000,075 | ---- | M] ()
CoachAmal.xmind.lnk -> %UserProfile%\Desktop\CoachAmal.xmind.lnk -> [2009/01/19 19:38:34 | 00,000,646 | ---- | M] ()
UK resettlement.lnk -> %UserProfile%\Desktop\UK resettlement.lnk -> [2009/01/19 19:20:19 | 00,000,541 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/19 09:29:37 | 00,002,206 | ---- | M] ()
why coaching.doc -> %UserProfile%\Desktop\why coaching.doc -> [2009/01/17 15:56:36 | 00,028,672 | ---- | M] ()
mcafee antispyware.job -> %SystemRoot%\tasks\mcafee antispyware.job -> [2009/01/17 13:23:36 | 00,000,360 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/06/25 08:58:01 | 00,008,206 | ---- | M] ()
OSETUPUI.DLL -> %UserProfile%\Local Settings\Temp\Setup000008d4\OSETUPUI.DLL -> [2006/10/28 01:14:30 | 00,184,632 | R--- | M] (Microsoft Corporation)
OSETUPUI.DLL -> %UserProfile%\Local Settings\Temp\Setup00000170\OSETUPUI.DLL -> [2006/10/28 01:14:30 | 00,184,632 | R--- | M] (Microsoft Corporation)
ose00000.exe -> %UserProfile%\Local Settings\Temp\ose00000.exe -> [2006/10/28 01:14:30 | 00,145,184 | R--- | M] (Microsoft Corporation)
hpuninstaller.exe -> %UserProfile%\Local Settings\Temp\hpuninstaller.exe -> [2006/01/30 18:00:00 | 00,217,088 | R--- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 5
< End of report >
Anything there?