Malwarebytes Forum > Hard drive space decreasing

Full Version: Hard drive space decreasing

Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs

Azlan

Apr 22 2009, 10:11 AM

OK, I have 67GB of hard drive space on my C Drive, I used until 17 GB left, then day after day, it keeps decreasing.. I did not download anything... until 7 GB left.. So i use my TuneUp Utilities 2009 and defragged C drive.. After defragged. C drive left with 16GB... then, today i turn on my computer its 13GB.. Why does it decrease?

MBAM log

Malwarebytes' Anti-Malware 1.36
Database version: 2024
Windows 6.0.6001 Service Pack 1

22/4/2009 6:09:42 PM
mbam-log-2009-04-22 (18-09-33).txt

Scan type: Quick Scan
Objects scanned: 64286
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:48 PM, on 22/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9208 bytes

AdvancedSetup

Apr 24 2009, 09:35 AM

You need to tell MBAM to fix it. The log shows you chose not to allow MBAM to fix it.

There are a lot of dynamic things going on that use space, but that may be excessive.

Please run the following.

Please download to your Desktop: Dr.Web CureIt

After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
Once the short scan has finished, Click on the Complete scan radio button.
Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
On the File types tab ensure you select All files
Click on the Actions tab and set the following:
- Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
- Infected packages Archive = Move, E-mails = Report, Containers = Move
- Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
- Do not change the Rename extension - default is: #??
- Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
- Leave prompt on Action checked
On the Log file tab leave the Log to file checked.
Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
Log mode = Append
Encoding = ANSI
Details Leave Names of file packers and Statistics checked.
Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
On the General tab leave the Scan Priority on High
Click the Apply button at the bottom, and then the OK button.
On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
Click 'Yes to all' if it asks if you want to cure/move the files.
This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your Desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

Azlan

Apr 24 2009, 01:00 PM

Ok, ill let MBAM do that..

and im going to download cureit

Azlan

Apr 24 2009, 02:09 PM

Dr.WEB did not detect anything

I already deleted the vundo from Malwarebytes

And suddenly i lost 1GB (from 13 GB to 12 GB)

Malwarebytes' Anti-Malware 1.36
Database version: 2036
Windows 6.0.6001 Service Pack 1

24/4/2009 9:05:28 PM
mbam-log-2009-04-24 (21-05-28).txt

Scan type: Quick Scan
Objects scanned: 66667
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The SAVE REPORT LIST is grayed out. i cant click it..

LATEST HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:20 PM, on 24/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\TechSmith\Camtasia Studio 6\TscHelp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9133 bytes

What do i do next?

Azlan

Apr 25 2009, 01:51 AM

Anyway, i somehow founded the log on MY COMPUTER

Its text document is 8.05 mb large..

its too long to paste it here so i uploaded it to rapidshare

I cant use the ATTACHMENTS coz max upload is 500K

CURE IT LOG

AdvancedSetup

Apr 25 2009, 02:09 AM

STEP 01

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

STEP 02

Please create a BOOTLOG

If the following file exists please delete it: C:\Windows\ntbtlog.txt
Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
Select "Enable Boot Logging" option and press enter.
Windows prompts you to select a Windows Installation (even if there is only one windows installation)
This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

If you're already running inside Windows you can enable it the following way.
Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG
Click on OK and you will be prompted to RESTART Windows. Please do restart now.
After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
NOTE: If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
NOTE: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Adminsitrator
The tab is called BOOT on Vista. Then choose Boot log

STEP 03
RootRepeal - Rootkit Detector

Please download the following tool: RootRepeal - Rootkit Detector
Direct download link is here: RootRepeal.rar
If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
Extract the program file to a new folder such as C:\RootRepeal
Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
Select ALL of the checkboxes and then click OK and it will start scanning your system.
If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
When done, click on Save Report
Save it to the same location where you ran it from, such as C:\RootRepeal
Save it as your_name_rootrepeal.txt - where your_name is your forum name
This makes it more easy to track who the log belongs to.
Then open that log and select all and copy/paste it back on your next reply please.
Quit the RootRepeal program.

Azlan

Apr 25 2009, 03:22 AM

STEP 1 DONE.. Here's the log

ComboFix 09-04-25.03 - Mahmud65 25/04/2009 11:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.60.1033.18.2551.1437 [GMT 8:00]
Running from: c:\users\Mahmud65\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-24 13:10 . 2009-04-24 13:10 -------- d-----w c:\users\Mahmud65\DoctorWeb
2009-04-22 10:04 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 10:04 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 01:25 . 2009-04-19 01:25 -------- d-----w c:\users\Mahmud65\AppData\Roaming\GTek
2009-04-16 07:21 . 2009-04-16 07:21 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-04-16 07:21 . 2009-04-16 07:21 56 ---ha-w c:\programdata\ezsidmv.dat
2009-04-16 07:21 . 2009-04-16 07:21 -------- d-----w c:\users\Mahmud65\AppData\Roaming\skypePM
2009-04-16 07:18 . 2009-04-16 07:32 -------- d-----w c:\users\All Users\Skype
2009-04-16 07:18 . 2009-04-16 07:32 -------- d-----w c:\programdata\Skype
2009-04-16 06:04 . 2009-04-07 13:25 100944 ----a-w c:\windows\system32\drivers\VBoxDrv.sys
2009-04-16 06:03 . 2009-04-07 13:25 41424 ----a-w c:\windows\system32\drivers\VBoxUSBMon.sys
2009-04-07 13:25 . 2009-04-07 13:25 79888 ----a-w c:\windows\system32\drivers\VBoxNetAdp.sys
2009-03-30 02:16 . 2009-03-30 02:16 -------- d-----w c:\users\Mahmud65\AppData\Local\Turbo_Tube
2009-03-28 04:54 . 2009-03-28 04:54 -------- d-----w c:\users\Mahmud65\AppData\Roaming\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 03:16 . 2008-09-11 06:41 -------- d-----w c:\users\Mahmud65\AppData\Roaming\Free Download Manager
2009-04-25 01:20 . 2008-09-11 06:15 -------- d-----w c:\programdata\Kaspersky Lab
2009-04-24 14:20 . 2008-09-11 06:15 4312 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-24 14:20 . 2008-09-11 06:15 647200 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-24 14:20 . 2008-09-11 06:15 4691488 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-24 14:20 . 2008-09-11 06:15 39828 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-24 13:30 . 2008-09-25 13:34 -------- d-----w c:\programdata\Google Updater
2009-04-22 11:16 . 2008-10-24 14:31 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2009-04-22 10:04 . 2009-04-22 10:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 01:25 . 2007-04-13 13:26 -------- d-----w c:\program files\Hp
2009-04-19 01:24 . 2007-04-13 13:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 01:23 . 2007-04-13 12:51 -------- d-----w c:\program files\Hewlett-Packard
2009-04-16 06:17 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-16 06:17 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-16 06:17 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-16 03:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 03:13 . 2008-09-11 11:33 -------- d-----w c:\programdata\Microsoft Help
2009-03-30 07:41 . 2008-09-30 08:24 -------- d-----w c:\users\Mahmud65\AppData\Roaming\ZoomBrowser EX
2009-03-30 07:41 . 2008-09-30 08:22 -------- d-----w c:\programdata\ZoomBrowser
2009-03-30 04:46 . 2009-03-30 04:46 -------- d-----w c:\program files\Turbo Tube
2009-03-28 04:51 . 2008-01-29 10:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-28 04:51 . 2008-09-11 06:16 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-28 04:51 . 2008-09-11 06:16 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-28 02:37 . 2008-11-19 13:41 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-28 02:36 . 2009-03-28 02:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 07:06 . 2007-04-13 13:19 -------- d-----w c:\program files\Java
2009-03-21 11:08 . 2009-03-21 11:07 -------- d-----w c:\users\Mahmud65\AppData\Roaming\ManyCam
2009-03-18 09:36 . 2008-12-23 04:22 -------- d-----w c:\program files\McAfee
2009-03-17 03:38 . 2009-04-16 03:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 03:10 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 03:10 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-10 12:41 . 2008-09-11 06:40 -------- d-----w c:\program files\Free Download Manager
2009-03-10 12:40 . 2009-03-10 12:40 -------- d-----w c:\programdata\FreeDownloadManager.ORG
2009-03-08 21:19 . 2008-12-06 04:25 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-05 07:48 . 2009-03-05 07:48 53248 ----a-w c:\users\Mahmud65\lametritonus_en.dll
2009-03-05 07:48 . 2009-03-05 07:48 162304 ----a-w c:\users\Mahmud65\lame_enc_en.dll
2009-03-04 13:14 . 2008-10-21 09:26 680 ----a-w c:\users\Mahmud65\AppData\Local\d3d9caps.dat
2009-03-03 04:46 . 2009-04-16 03:10 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 03:10 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 03:10 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 03:10 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 03:10 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 03:10 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 03:10 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 03:10 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 03:10 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 03:10 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 03:10 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 03:10 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 03:10 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 03:10 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 03:10 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 06:24 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-30 09:24 . 2009-02-15 01:09 14600 ----a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe
2009-01-29 01:49 . 2008-11-10 07:54 1024 ----a-w C:\.rnd
2008-10-18 04:49 . 2008-10-18 04:49 96 ----a-w c:\users\Mahmud65\AppData\Local\fusioncache.dat
2008-10-15 05:47 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-09-17 10:41 . 2008-09-17 10:41 9 ----a-w c:\program files\CD04.txt
2008-09-12 02:21 . 2008-09-10 04:26 101560 ----a-w c:\users\Mahmud65\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-22 21:39 . 2008-09-15 23:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-22 21:39 . 2008-09-15 23:26 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-22 21:39 . 2008-09-15 23:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-12-15 13:45 . 2008-12-15 13:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-28 206088]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-07 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-08 75008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-9-10 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3758004346-2321403008-2544184651-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E4BFA68-A479-466C-A313-93869D446458}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1E0EF0F6-53D1-4D97-AEA3-EDBC3E64C682}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C4A74342-DAF8-4BF6-9D1A-A3B6E23FB78A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{243A8785-FBF1-4D79-8645-A0EB1F967F78}c:\\users\\mahmud65\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\mahmud65\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{C478EF36-5A65-4D9F-B555-41D43BC07F9A}c:\\users\\mahmud65\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\mahmud65\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"{B1C0EDE9-326F-429F-8369-98BD944138CC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9CCF7EE9-1973-4094-B1F6-509E5F09F2A7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{4ED24D8C-8442-478B-97A9-022DCC431EDA}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{04CA93A3-0D73-4AF1-B71D-7DD3F7C635E3}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{3A84168A-2002-4AD4-A408-CD68792EDDEB}c:\\users\\mahmud65\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\mahmud65\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{2CEC087A-FFEC-4AC1-904C-30D89DBFC756}c:\\users\\mahmud65\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\mahmud65\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{67F4C26C-71D0-4F64-9703-42DFFA3A4DC4}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{AE2F070C-84A5-4D9D-963F-F38C26715D53}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-07 79888]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-28 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-14 603904]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 13:22]

2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{A3972AAF-9960-4D4B-AFC1-B460C4F5BDE2}.job
- c:\windows\system32\msfeedssync.exe [2008-09-22 07:33]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mahmud65\AppData\Roaming\Mozilla\Firefox\Profiles\upc0u9a0.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 11:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-25 11:18
ComboFix-quarantined-files.txt 2009-04-25 03:18

Pre-Run: 12,839,059,456 bytes free
Post-Run: 13,013,438,464 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
249 --- E O F --- 2009-04-24 07:45

HJT Log after running combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:37 AM, on 25/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8247 bytes

Azlan

Apr 25 2009, 03:39 AM

Its too large, cant be uploaded here, so i uploaded to RAPIDSHARE

BOOTLOG

running RootReapeal

Azlan

Apr 25 2009, 04:04 AM

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/25 11:44
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FB6D000 Size: 45056 File Visible: No
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8FB78000 Size: 40960 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8F6F000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{04bc782c-3137-11de-b8b2-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0555c5bc-2e3c-11de-aa19-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2faa1e81-30a0-11de-95e5-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\sqlite_8uOqfuhgtd9Ssl3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_dqbiyVrM2OvI8gB
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_tZMqHGUcChXrX7a
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\spool\SpoolerETW.etl
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\System32\wfp\wfpdiag.etl
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\WINDOWS\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET CLR Networking\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e2
0e9863b4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a898
0e994a5d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949
b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc
0ea08098.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd
a6db.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bb6355022188e485\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bb6355022188e485\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GroupedProviders.xml
Status: Allocation size mismatch (API: 4096, Raw: 320)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_config_b03f5f7f11d50a3a_6.0.6000.16386_none_d1129ede7c0334a0\Aspnet.config
Status: Allocation size mismatch (API: 4096, Raw: 328)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6000.16386_none_573a9d45
8bd09583\regsvcs.exe.config
Status: Allocation size mismatch (API: 4096, Raw: 360)

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.20864_none_c2d84ebb9c4922b1\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18000_none_c471cd10802509af\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18096_none_c4167f8080689d32\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.22208_none_c5036e11993b7158\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.16708_none_4c6d3f4bfe5170cb\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.20864_none_4cb1fb6717a352df\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.18096_none_4df02c2bfbc2cd60\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.22208_none_4edd1abd1495a186\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.20864_none_31e03b2fbc06d9a0\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.16720_none_6bfcb0a8ef8c6f2e\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.20883_none_5534c74d092eb421\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18000_none_6bd6ac00efdf4886\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18111_none_6bd7955eefde7bcf\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.22230_none_550c05fb0983f4e2\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.16720_none_c214589825a8fd4b\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.20883_none_ab4c6f3c3f4b423e\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18111_none_c1ef3d4e25fb09ec\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.22230_none_ab23adea3fa082ff\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.22230_none_e5207e83d1358b13\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.22230_none_e5207e83d1358b13\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16386_none_aeeac68618bdfb0e\headerGRADIENT_Tall.gif
Status: Allocation size mismatch (API: 4096, Raw: 328)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16386_none_aeeac68618bdfb0e\image2.gif
Status: Allocation size mismatch (API: 4096, Raw: 592)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\headerGRADIENT_Tall.gif
Status: Allocation size mismatch (API: 4096, Raw: 328)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\image2.gif
Status: Allocation size mismatch (API: 4096, Raw: 592)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16386_none_9b37358390728617\GroupedProviders.xml
Status: Allocation size mismatch (API: 4096, Raw: 320)

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_config_b03f5f7f11d50a3a_6.0.6000.20883_none_ba453be695aa4907\Aspnet.config
Status: Allocation size mismatch (API: 4096, Raw: 328)

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.16720_none_96e889a4e6710a32\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.20883_none_8020a04900134f25\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18000_none_96c284fce6c3e38a\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18111_none_96c36e5ae6c316d3\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.22230_none_7ff7def700688fe6\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\PROVIProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\audiodg.exe
PID: 1256 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1080) Address: 0x00970000 Size: 323584

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1080) Address: 0x00ef0000 Size: 323584

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1080) Address: 0x72260000 Size: 8192

Object: Hidden Module [Name: tquery.dll]
Process: svchost.exe (PID: 1080) Address: 0x72660000 Size: 1589248

Object: Hidden Module [Name: profsvc.dll]
Process: svchost.exe (PID: 1080) Address: 0x74560000 Size: 163840

Object: Hidden Module [Name: schedsvc.dll]
Process: svchost.exe (PID: 1080) Address: 0x73d40000 Size: 606208

Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1080) Address: 0x75bc0000 Size: 258048

Object: Hidden Module [Name: HP.ActiveSupportLibrary.dll]
Process: hphc_service.exe (PID: 3796) Address: 0x009c0000 Size: 110592

Object: Hidden Code [ETHREAD: 0x84bcf5f8]
Process: System Address: 0x8a261c38 Size: -

Object: Hidden Code [ETHREAD: 0x84bf42d8]
Process: System Address: 0x816efa70 Size: -

Object: Hidden Code [ETHREAD: 0x84bf5d78]
Process: System Address: 0x84bf5f6c Size: -

Object: Hidden Code [ETHREAD: 0x84bf5ad0]
Process: System Address: 0xc8330360 Size: -

Object: Hidden Code [ETHREAD: 0x84bf5828]
Process: System Address: 0x8be9a8a0 Size: -

Object: Hidden Code [ETHREAD: 0x84bf5580]
Process: System Address: 0x84bf5774 Size: -

AdvancedSetup

Apr 25 2009, 06:40 AM

Please delete the bootlog file. Then restart the computer and upload the NEW one that is created.

Then close ALL other applications including all the ones in the task tray that will close, then run Root Repeal again please.

Azlan

Apr 25 2009, 08:42 AM

QUOTE (AdvancedSetup @ Apr 25 2009, 02:40 PM)

Should i disable my antivirus and close my web browser while doing Root Repeal?

Azlan

Apr 25 2009, 08:48 AM

Service Pack 1 4 25 2009 16:44:24.359
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\intelide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\pcmcia.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\drivers\klbg.sys
Loaded driver \SystemRoot\System32\Drivers\PxHelp20.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\igdkmd32.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw5v32.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\klfltdev.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\cpqbttn.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\VMNetSrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\CHDRT32.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
Loaded driver \SystemRoot\system32\drivers\modem.sys
Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kl1.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\klim6.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\eabfiltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \??\C:\Windows\system32\Drivers\vmm.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\system32\DRIVERS\xaudio.sys
Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys

Azlan

Apr 25 2009, 09:15 AM

Ok, ran Root Repeal. no application is running, web browser closed. Basically nothing in the task tray. heres the log

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/25 16:50
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90B72000 Size: 45056 File Visible: No
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x90B7D000 Size: 40960 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8D7A000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{04bc782c-3137-11de-b8b2-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0555c5bc-2e3c-11de-aa19-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2faa1e81-30a0-11de-95e5-001b383561aa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\sqlite_32Pz71fu1OQXL1F
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_3Fnu3xXKsoI2e2r
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_wh7JisvdVIXAuzS
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_Zc0K7YK7ZvffrkW
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\wfp\wfpdiag.etl
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\WINDOWS\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET CLR Networking\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e2
0e9863b4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a898
0e994a5d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949
b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc
0ea08098.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd
a6db.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bb6355022188e485\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bb6355022188e485\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.20864_none_c2d84ebb9c4922b1\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18000_none_c471cd10802509af\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18096_none_c4167f8080689d32\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.22208_none_c5036e11993b7158\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.16708_none_4c6d3f4bfe5170cb\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.20864_none_4cb1fb6717a352df\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.18096_none_4df02c2bfbc2cd60\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.22208_none_4edd1abd1495a186\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.20864_none_31e03b2fbc06d9a0\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.16720_none_6bfcb0a8ef8c6f2e\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.20883_none_5534c74d092eb421\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18000_none_6bd6ac00efdf4886\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18111_none_6bd7955eefde7bcf\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.22230_none_550c05fb0983f4e2\CASPOL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2d.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.16720_none_c214589825a8fd4b\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.20883_none_ab4c6f3c3f4b423e\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18111_none_c1ef3d4e25fb09ec\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.22230_none_ab23adea3fa082ff\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.22230_none_e5207e83d1358b13\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.22230_none_e5207e83d1358b13\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.16720_none_96e889a4e6710a32\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.20883_none_8020a04900134f25\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18000_none_96c284fce6c3e38a\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18111_none_96c36e5ae6c316d3\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.22230_none_7ff7def700688fe6\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6000.16720_none_fc112931b73e055f\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6000.16720_none_fc112931b73e055f\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6000.20883_none_e5493fd5d0e04a52\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6000.20883_none_e5493fd5d0e04a52\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sortkey.nlp.01c989b1eb48450d.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sorttbls.nlp.01c989b1eb3c5e2dProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\audiodg.exe
PID: 1224 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: RacAgent.exe]
Process: svchost.exe (PID: 1064) Address: 0x003e0000 Size: 28672

Object: Hidden Module [Name: lpksetup.exe]
Process: svchost.exe (PID: 1064) Address: 0x00560000 Size: 200704

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1064) Address: 0x02000000 Size: 323584

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1064) Address: 0x020f0000 Size: 323584

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1064) Address: 0x717f0000 Size: 8192

Object: Hidden Module [Name: tquery.dll]
Process: svchost.exe (PID: 1064) Address: 0x72030000 Size: 1589248

Object: Hidden Module [Name: schedsvc.dll]
Process: svchost.exe (PID: 1064) Address: 0x731d0000 Size: 606208

Object: Hidden Module [Name: dps.dll]
Process: svchost.exe (PID: 1064) Address: 0x72d40000 Size: 139264

Object: Hidden Module [Name: profsvc.dll]
Process: svchost.exe (PID: 1064) Address: 0x745d0000 Size: 163840

Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1064) Address: 0x75a00000 Size: 258048

Object: Hidden Module [Name: HP.ActiveSupportLibrary.dll]
Process: hphc_service.exe (PID: 3400) Address: 0x00ef0000 Size: 110592

Object: Hidden Module [Name: Yahoo.Shared.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x00710000 Size: 77824

Object: Hidden Module [Name: Yahoo.Messenger.YmCore.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x00a50000 Size: 397312

Object: Hidden Module [Name: Yahoo.Messenger.YmCore.XmlSerializers.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x00bc0000 Size: 53248

Object: Hidden Module [Name: Yahoo.WebServices.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x040d0000 Size: 45056

Object: Hidden Module [Name: Yahoo.Messenger.Skins.YmDefault.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x04800000 Size: 1552384

Object: Hidden Module [Name: YMAOManaged.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x054c0000 Size: 2961408

Object: Hidden Module [Name: Yahoo.Messenger.YmDataTransfer.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x06af0000 Size: 28672

Object: Hidden Module [Name: Yahoo.SearchAPI.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x06e50000 Size: 77824

Object: Hidden Module [Name: Yahoo.SharedWPF.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x077f0000 Size: 86016

Object: Hidden Module [Name: msvcm80.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x06ec0000 Size: 507904

Object: Hidden Module [Name: Yahoo.Messenger.Skins.YmDefault.resources.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x06fa0000 Size: 8695808

Object: Hidden Module [Name: StatusMenuControl.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x07840000 Size: 53248

Object: Hidden Module [Name: StatusMenuControl.resources.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x07b70000 Size: 36864

Object: Hidden Module [Name: Yahoo.Messenger.YmCore.resources.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x082d0000 Size: 28672

Object: Hidden Module [Name: Yahoo.Messenger.YmAppServices.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x08300000 Size: 28672

Object: Hidden Module [Name: Yahoo.Messenger.Skins.YmDefault.XmlSerializers.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x0a140000 Size: 36864

Object: Hidden Module [Name: Yahoo.SearchAPI.XmlSerializers.dll]
Process: Yahoo.Messenger.YmApp.exe (PID: 4068) Address: 0x0a170000 Size: 36864

Object: Hidden Code [ETHREAD: 0x84bb2630]
Process: System Address: 0x8a270fe0 Size: -

Object: Hidden Code [ETHREAD: 0x84bfb580]
Process: System Address: 0x8de6b6d8 Size: -

Object: Hidden Code [ETHREAD: 0x84bfb2d8]
Process: System Address: 0x84bfb4cc Size: -

Object: Hidden Code [ETHREAD: 0x84bfc020]
Process: System Address: 0x84bfc214 Size: -

Object: Hidden Code [ETHREAD: 0x84bfcd78]
Process: System Address: 0xa7f5cbc0 Size: -

Object: Hidden Code [ETHREAD: 0x84bfcad0]
Process: System Address: 0xcd5d99b0 Size: -

Object: Hidden Code [ETHREAD: 0x84bfc828]
Process: System Address: 0x96a53c38 Size: -

Object: Hidden Code [ETHREAD: 0x84bfc580]
Process: System Address: 0x84bfc774 Size: -

AdvancedSetup

Apr 27 2009, 06:31 AM

Okay looks better now.

Please update MBAM and run another Quick Scan and post back that log file please.

Then run this scanner as well.

Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop
Please include the following logs in your next reply: DDS.txt and Attach.txt

Azlan

Apr 27 2009, 06:54 AM

Do i need to uninstall combofix? i did not run it. i just run it once when you asked, if so, how do i uninstall it?

MBAM Log

Malwarebytes' Anti-Malware 1.36
Database version: 2047
Windows 6.0.6001 Service Pack 1

27/4/2009 2:49:58 PM
mbam-log-2009-04-27 (14-49-58).txt

Scan type: Quick Scan
Objects scanned: 66696
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS log

DDS (Ver_09-03-16.01) - NTFSx86
Run by Mahmud65 at 14:41:44.75 on Mon 27/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.60.1033.18.2551.1583 [GMT 8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mahmud65\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mahmud65\appdata\roaming\mozilla\firefox\profiles\upc0u9a0.default\
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 1\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.1 beta 1\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-23 210216]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-1-14 603904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-4-7 79888]

=============== Created Last 30 ================

2009-04-26 19:48 <DIR> --d----- c:\program files\GP Vs Superbike
2009-04-25 11:11 161,792 a------- c:\windows\SWREG.exe
2009-04-25 11:11 98,816 a------- c:\windows\sed.exe
2009-04-25 11:10 <DIR> --d----- C:\ComboFix
2009-04-24 21:10 <DIR> --d----- c:\users\mahmud65\DoctorWeb
2009-04-22 18:04 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-22 18:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 18:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 15:21 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-16 15:21 56 a---h--- c:\progra~2\ezsidmv.dat
2009-04-16 15:18 <DIR> --d----- c:\programdata\Skype
2009-04-16 14:04 100,944 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-04-16 14:03 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-04-07 21:25 79,888 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-03-30 12:46 <DIR> --d----- c:\program files\Turbo Tube

==================== Find3M ====================

2009-04-27 14:32 4,691,488 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-27 14:32 647,200 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-27 14:32 39,828 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-27 14:32 4,312 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-16 14:17 51,200 a------- c:\windows\inf\infpub.dat
2009-04-16 14:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-16 14:17 86,016 a------- c:\windows\inf\infstor.dat
2009-03-28 12:51 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-28 12:51 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-28 12:51 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-17 11:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 11:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 11:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 15:48 53,248 a------- c:\users\mahmud65\lametritonus_en.dll
2009-03-05 15:48 162,304 a------- c:\users\mahmud65\lame_enc_en.dll
2009-03-03 12:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 12:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 12:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 12:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 12:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 12:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 12:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 12:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 12:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 12:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 11:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 10:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 10:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 16:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 16:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-30 17:24 14,600 a------- c:\windows\help\oem\scripts\HC_InstallHPHC.exe
2008-10-15 13:47 174 a--sh--- c:\program files\desktop.ini
2008-10-15 13:33 665,600 a------- c:\windows\inf\drvindex.dat
2008-09-17 18:41 9 a------- c:\program files\CD04.txt
2006-11-02 20:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-23 05:39 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-23 05:39 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-23 05:39 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-12-15 21:45 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 14:43:29.24 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 11/9/2008 3:09:00 AM
System Uptime: 27/4/2009 2:32:30 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30D5
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U10 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 67 GiB total, 11.051 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.761 GiB free.
E: is FIXED (NTFS) - 2 GiB total, 1.316 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

==== Installed Programs ======================

'Full Speed' Internet Booster + Performance Tests
2007 Microsoft Office Suite Service Pack 1 (SP1)
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B13
AviSynth 2.5
Bonjour
Camtasia Studio 6
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Conexant HD Audio
DVD Creator3
ESU for Microsoft Vista
Free Download Manager 3.0
Google Toolbar for Internet Explorer
Google Updater
GP Vs Superbike
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Backup and Recovery Manager Installer
HP Doc Viewer
HP Help and Support
HP Notebook Accessories Product Tour
HP Quick Launch Buttons 6.20 C1
HP Update
HP User Guides 0077
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java™ 6 Update 13
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Kaspersky Internet Security 2009
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Virtual PC 2007
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.1b3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
OGA Notifier 1.7.0105.35.0
QuickTime
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SnagIt 9
Sonic Activation Module
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Tube Increaser
TuneUp Utilities 2009
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Vista Default Settings
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft Video Converter Ultimate
Yahoo! Messenger for Vista

==== End Of File ===========================

AdvancedSetup

Apr 27 2009, 07:23 AM

We'll get to CF in a minute and remove it. It already was smart enough to remove the entries on it's own without us needing to tell it to.

You have the latest Java version but you also have some OLD versions so you should probably remove ALL versions and then when done you can re-install just the latest version.

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Java™ 6 Update 13
Java™ 6 Update 7
Java™ SE Runtime Environment 6

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

CCleaner

CCleaner
Double-click on the downloaded file "ccsetup218.exe" and install the application.
Keep the default installation folder "C:\Program Files\CCleaner"
Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
Click finish when done and close ALL PROGRAMS
Start the CCleaner program.
Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
Click on Run Cleaner button on the bottom right side of the program.
Click OK to any prompts

Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.

Go to http://java.sun.com/javase/downloads/index.jsp
Go to Java Runtime Environment (JRE) 6 Update 13 about half way down the page and click on the Download button.
In Platform box choose Windows.
Check the box to Accept License Agreement and click Continue.
Click on Windows Offline Installation, click on the link under it which says jre-6u13-windows-i586-p.exe and save the downloaded file to your desktop.
Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
Uncheck the Toolbar button (unless you want the toolbar)
Reboot your computer

Please run the following to remove any tools that might have been used during the scaning and cleaning of your system.

STEP A

Uninstall ComboFix.exe
Click START then RUN
Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed

STEP B

Uninstall GMER
Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.

STEP C

Uninstall other tools
Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe to run it.
While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes and allow the system to clean up these items.
NOW please reboot your computer to finish the cleanup process

Azlan

Apr 27 2009, 07:37 AM

javaRa said that it will open a log file. It didn't, i tried viewing C:/ but there is no javaRa.log

AdvancedSetup

Apr 27 2009, 07:41 AM

That's okay its not really needed. Please try to follow the other directions and when done you should be all set now.

I'll close your post soon so that other don't post into it and leave you with this information and suggestions.
So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-VISTA

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore-Vista
Click the Vista/Start icon.
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click "Turn Off System Restore" at the prompt then click "Apply".
Restart your computer.

Turn ON System Restore-Vista
Click the Vista/Start icon
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously then click "Apply".

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.
(Vista users, you must ensure that any program versions downloaded are Vista compatible BEFORE installing)

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad,
tracking and malicious websites. This prevents your computer from connecting to these untrusted sites
by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Enable automatic Windows Update on your system in Control Panel, or at least manually scan each week for updates.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic well and this is a must. I recommend Comodo Firewall Pro

A little outdated but good reading on how to prevent Malware

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

Azlan

Apr 27 2009, 07:47 AM

CLEANING COMPLETE - (16.845 secs)
------------------------------------------------------------------------------------------
41.4MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (638 files) 30.1MB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@c.live[1].txt 68 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@forums.virtualbox[1].txt 179 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@tc.roxio[1].txt 186 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@fileratings[2].txt 391 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@onlinestores.metaservices.microsoft[1].txt 146 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@yahoo[1].txt 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@redirect.sonic[2].txt 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@www.virtualbox[1].txt 112 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@sun[1].txt 110 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@google.com[1].txt 136 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@tune-up[2].txt 299 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@ask[1].txt 651 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@computing[1].txt 542 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@youtube[1].txt 97 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@adobe[2].txt 172 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@forums.techguy[2].txt 386 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@forum.parallels[2].txt 178 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@updateservice.sonic[2].txt 115 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@hijackthis[2].txt 341 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@imageshack[2].txt 244 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@quantserve[2].txt 203 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@auto-activation4.kaspersky[1].txt 107 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@adobe[1].txt 100 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@questionmarket[1].txt 200 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@live[1].txt 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@askredir[1].txt 238 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@search.live[2].txt 457 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@www.roxio[1].txt 201 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@buildagadget[1].txt 281 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@msn[2].txt 200 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@myspace[2].txt 533 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@vmware[1].txt 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@intellitxt[1].txt 114 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@skype[1].txt 125 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@office.microsoft[2].txt 208 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@parallels[1].txt 106 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@google[3].txt 389 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@google[2].txt 331 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@google.com[3].txt 334 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@techguy[2].txt 254 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\mahmud65@atdmt[2].txt 100 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@1.blogger.gmodules[1].txt 416 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@abmr[1].txt 201 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@ad.yieldmanager[2].txt 516 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@addons.mozilla[1].txt 394 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@adobe[1].txt 107 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@adobe[3].txt 176 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@afy11[2].txt 370 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@amazon.co[1].txt 271 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@amazon[1].txt 264 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@answers.yahoo[1].txt 475 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@askredir[2].txt 239 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@ask[2].txt 1.21KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@auditmypc[2].txt 366 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@avg[1].txt 126 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@avn.innity[1].txt 125 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@avn.innity[3].txt 124 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@avn.innity[4].txt 124 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@avn.innity[5].txt 318 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@bcheck.scanit[2].txt 221 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@blogger[2].txt 383 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@c.live[1].txt 68 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@cartoonnetwork[2].txt 411 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@chris.pirillo[2].txt 364 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@community.mcafee[2].txt 176 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@defp.opt.fimserve[1].txt 100 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@delb.opt.fimserve[2].txt 121 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@demr.opt.fimserve[1].txt 118 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@desb.opt.fimserve[2].txt 121 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@desk.opt.fimserve[2].txt 121 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@doubleclick[1].txt 121 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@download.manycam[1].txt 380 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@epinions[1].txt 431 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@facebook[2].txt 500 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@fantastic-search.blogspot[2].txt 425 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@feedjit[1].txt 113 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@filecabi[1].txt 536 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@fimserve[2].txt 368 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@forum.lowyat[1].txt 419 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@freeonlinegames[1].txt 673 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@goholiday.airasia[1].txt 426 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google.com[1].txt 337 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google.com[2].txt 133 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google[1].txt 365 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google[3].txt 137 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google[4].txt 297 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google[5].txt 277 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@google[6].txt 348 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@hb.pcworld[1].txt 1.74KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@iacas.adbureau[2].txt 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@jonloh[1].txt 128 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@landing.domainsponsor[1].txt 452 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@liewcf[1].txt 327 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@live-radio[1].txt 479 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@live[1].txt 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@lockergnome[2].txt 426 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@loomia[1].txt 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@lowyat[1].txt 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@manycam[1].txt 335 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@maybank2u.com[1].txt 280 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@microsoft[2].txt 235 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@msappspace[1].txt 409 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@msn[1].txt 99 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@myspace[2].txt 893 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@narod[1].txt 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@nb.myspace[1].txt 436 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@opt.fimserve[2].txt 254 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@othersonline[2].txt 79 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@ozzu[1].txt 482 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@pcnineoneone[2].txt 329 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@pcworld[2].txt 454 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@pirillo[1].txt 135 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@quantserve[2].txt 203 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@remove-malware[1].txt 839 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@revenue[2].txt 204 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@rubiconproject[1].txt 127 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@scanscout[2].txt 95 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@search.live[1].txt 419 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@sharethis[2].txt 212 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@speedtest[2].txt 203 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@statcounter[2].txt 304 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@synad2.nuffnang.com[1].txt 488 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@tag.admeld[1].txt 111 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@tag.contextweb[1].txt 191 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@techsmith[2].txt 273 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@ustream[1].txt 428 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@viewmorepics.myspace[1].txt 97 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@wilderssecurity[1].txt 175 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@windowsnetworking[1].txt 349 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.airasia[1].txt 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.aspdeveloper[2].txt 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.avira[1].txt 72 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.f-secure[1].txt 142 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.game.co[1].txt 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.googlesux[1].txt 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.moregamers[2].txt 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.moviesfoundonline[1].txt 496 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.othersonline[1].txt 189 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.ozzu[1].txt 263 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.pcworld[1].txt 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.techsmith[1].txt 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@www.ustream[1].txt 225 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@yahoo[2].txt 568 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@yieldmanager[1].txt 105 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\low\mahmud65@youtube[1].txt 461 bytes
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008111820081119\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009040620090413\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041320090420\index.dat 48.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009042020090427\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009042720090428\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 0.34MB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009012120090122\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009040620090413\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009041320090420\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009042020090421\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009042220090423\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009042520090426\index.dat 32.00KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012009042620090427\index.dat 32.00KB
Marked for deletion: C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Marked for deletion: C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
Marked for deletion: C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090309192734.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090310183318.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090314175134.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090315105532.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090315151022.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\090318173528.lnk 400 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\2008-10-13 azmeir.lnk 507 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\2009-03-09 19.12.53.907 Assessment (Formal).WinSAT.lnk 1.15KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Add YM (2).lnk 820 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\adik painting.lnk 565 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Antivirus Boxes.lnk 409 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Attach.lnk 471 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Azlan96.lnk 294 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\azlan_rootrepeal.lnk 585 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Beatles.lnk 637 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Beetles (2).lnk 602 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Beetles.lnk 832 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Besday.lnk 533 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Camtasia Getting Started Guide.lnk 1.41KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Camtasia Studio.lnk 500 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Cant connect internet.lnk 1,010 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\CD Drive.lnk 186 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\CD04.lnk 633 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Chris Pirillo.lnk 673 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\clip0027.lnk 530 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\ComboFix-quarantined-files.lnk 656 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\CureIt.lnk 629 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\DataStore.lnk 753 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\DDS.lnk 452 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Dial Up (2).lnk 836 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Dial Up (3).lnk 604 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\DoctorWeb.lnk 452 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Downloading rogue software.lnk 1.04KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk 667 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Electroplankton (2).lnk 644 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Electroplankton.lnk 932 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Fake mini (2).lnk 860 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Fake mini.lnk 649 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Gmail Spam (2).lnk 872 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\HijackThis (2).lnk 733 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\hijackthis.lnk 956 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\HJT.lnk 356 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\HSM3 Low Quality.lnk 523 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_0682.lnk 652 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_0689.lnk 652 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_0692.lnk 652 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_0701.lnk 652 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_0708.lnk 652 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\IMG_9711 copy.lnk 315 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Infected.lnk 851 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Jadual'.lnk 545 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\JavaRa.lnk 788 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\karaoke.lnk 637 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Kaspersky Internet Security 2009.lnk 853 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Mahmud65.lnk 560 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\MS JAPAN.lnk 848 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\ntbtlog.lnk 566 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\P1 speed (2).lnk 848 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\P1 speed (3).lnk 609 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\P1 speed.lnk 642 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk 353 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\PLZ HELP.lnk 848 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\PRG003.lnk 352 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\PRG003.PGI.lnk 489 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Program Files.lnk 490 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\PSP cheats.lnk 560 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Qoobox.lnk 413 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Queens].lnk 637 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Remove malware (2).lnk 920 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Remove malware (3).lnk 639 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Remove malware.lnk 678 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\rescuecd.lnk 986 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\SAS Prevention.lnk 920 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\SAS PRO(1).lnk 872 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\sblsp.lnk 3.82KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Start Search.lnk 1.25KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\StupidBod.lnk 649 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Trip singapore.lnk 437 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Twitter (2).lnk 731 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Virus.lnk 610 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Vista Recovery Disc.lnk 538 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Win.lnk 452 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Win95 BSOD.lnk 394 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Windows 7 Azlan.lnk 518 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\Windows 7 download link.lnk 634 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\WINDOWS.lnk 418 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Windows\Recent\YT april fools.lnk 766 bytes
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 24 bytes
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 2.00MB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 1.00MB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 4.00MB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 15.80KB
C:\Users\Mahmud65\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 24 bytes
C:\WINDOWS\TEMP\cch~41c5636cc.htp 8.00KB
C:\WINDOWS\TEMP\cch~41c565246.htp 8.00KB
C:\WINDOWS\TEMP\cch~b9961dc72.htp 8.00KB
C:\WINDOWS\TEMP\cch~b9961fc2c.htp 8.00KB
C:\WINDOWS\TEMP\cch~bc8dc0f23.htp 8.00KB
C:\WINDOWS\TEMP\cch~bc8dc45c4.htp 8.00KB
C:\WINDOWS\TEMP\cch~bcb5cfae1.htp 8.00KB
C:\WINDOWS\TEMP\cch~bcb5d2bc4.htp 8.00KB
C:\WINDOWS\TEMP\MpCmdRun.log 1.17KB
C:\WINDOWS\TEMP\sqlite_02eal8QAI6kqbqB 1.00KB
C:\WINDOWS\TEMP\sqlite_1XojPBY9zOCsEH2 1.00KB
C:\WINDOWS\TEMP\sqlite_32Pz71fu1OQXL1F 1.00KB
C:\WINDOWS\TEMP\sqlite_3Fnu3xXKsoI2e2r 1.00KB
C:\WINDOWS\TEMP\sqlite_8uOqfuhgtd9Ssl3 1.00KB
C:\WINDOWS\TEMP\sqlite_avmAk7qol4iLfhB 0 bytes
C:\WINDOWS\TEMP\sqlite_BhppsU4wc34gaDV 1.00KB
C:\WINDOWS\TEMP\sqlite_C8gdtnBkNYOEahb 1.00KB
C:\WINDOWS\TEMP\sqlite_dqbiyVrM2OvI8gB 1.00KB
C:\WINDOWS\TEMP\sqlite_dzV7Z7bi9g0IqNu 1.00KB
C:\WINDOWS\TEMP\sqlite_GDONb1DzSgE5muU 1.00KB
C:\WINDOWS\TEMP\sqlite_gKttwn6E5TwdVkt 1.00KB
C:\WINDOWS\TEMP\sqlite_ibsgFxNEUftcY9n 1.00KB
C:\WINDOWS\TEMP\sqlite_kvIN9cHeUNj3uZe 1.00KB
C:\WINDOWS\TEMP\sqlite_L7QUiVXtbJtc7XK 0 bytes
C:\WINDOWS\TEMP\sqlite_m2DOGu3VGp1G7cg 1.00KB
C:\WINDOWS\TEMP\sqlite_Mqsoe418g0ER1ZU 1.00KB
C:\WINDOWS\TEMP\sqlite_OdIgrPCnNBO0rRS 1.00KB
C:\WINDOWS\TEMP\sqlite_tJlDGrGOpQW7077 1.00KB
C:\WINDOWS\TEMP\sqlite_tZMqHGUcChXrX7a 1.00KB
C:\WINDOWS\TEMP\sqlite_wh7JisvdVIXAuzS 1.00KB
C:\WINDOWS\TEMP\sqlite_XBMqAG2rs5ehDTg 1.00KB
C:\WINDOWS\TEMP\sqlite_xJlRCLYHxx10BX0 1.00KB
C:\WINDOWS\TEMP\sqlite_yFYIO8T0BgWpAwV 1.00KB
C:\WINDOWS\TEMP\sqlite_Zc0K7YK7ZvffrkW 1.00KB
C:\WINDOWS\TEMP\sqlite_ZCTXVkIKKdPimO8 1.00KB
C:\WINDOWS\TEMP\sqlite_zHgiIhQ3pUlxeWE 1.00KB
C:\Users\Mahmud65\AppData\Local\Temp\2428015.od 134 bytes
C:\Users\Mahmud65\AppData\Local\Temp\clipboardcache 2.56MB
C:\Users\Mahmud65\AppData\Local\Temp\CVRC5F.tmp.cvr 0 bytes
C:\Users\Mahmud65\AppData\Local\Temp\java_install_reg.log 1.55KB
C:\Users\Mahmud65\AppData\Local\Temp\java_install_sp.log 831 bytes
C:\Users\Mahmud65\AppData\Local\Temp\jusched.log 403 bytes
C:\Users\Mahmud65\AppData\Local\Temp\log.txt 19.76KB
C:\Users\Mahmud65\AppData\Local\Temp\Mahmud65.bmp 31.09KB
C:\Users\Mahmud65\AppData\Local\Temp\MSI4b05e.LOG 354 bytes
C:\Users\Mahmud65\AppData\Local\Temp\ORAL BM-COKLAT.docx 14.83KB
C:\Users\Mahmud65\AppData\Local\Temp\RootRepeal.rar 0.42MB
C:\Users\Mahmud65\AppData\Local\Temp\SSUPDATE.EXE 0.15MB
C:\Users\Mahmud65\AppData\Local\Temp\ymdm_recording.bin 0 bytes
Firefox/Mozilla cache cleaning was skipped.
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Besday.LNK 832 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Camtasia Getting Started Guide.LNK 1.32KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK 643 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK 711 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Downloads.LNK 430 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\F&B M&CD.LNK 277 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\FBGC report 10-2008.LNK 417 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\index.dat 434 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Jadual'.LNK 844 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\PowerPoint.LNK 1.08KB
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\PSP cheats.LNK 859 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Removable Disk (G).LNK 179 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\spa-coverletter.LNK 879 bytes
C:\Users\Mahmud65\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK 919 bytes
C:\Users\Mahmud65\AppData\Roaming\Google\Local Search History\google%2Eweb.w 4.40KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\a727.ac-images.mspcdn.com\fzzzmtmf.sol 64 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\a727.ac-images.mspcdn.com\udphr.sol 40 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\acvs.mediaonenetwork.net\MediaOne.sol 121 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\as1.suitesmart.com\6thElement.sol 389 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\bandtools.nabbr.com\bandtools\media\player02\screens\injector.swf\injectorSO.sol 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\bin.clearspring.com\clearspring.sol 1.57KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cartoonnetwork.com\CN_users.sol 167 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn-ll-static.viddler.com\flash\player563.swf\undefined.sol 174 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn-static.viddler.com\flash\player633.swf\undefined.sol 174 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.gigya.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.gigya.com\gigya_SNAccountsStatus.sol 113 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.lookery.com\f\pub\lcid.swf\com.lookery.LCID.sol 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.smugmug.com\smfsss.sol 432 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.turner.com\b3ncookie.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.turner.com\CN_users.sol 1,005 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\configData.sol 293 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\sessionData.sol 137 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf\userData.sol 97 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn.widgetserver.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn1.ustream.tv\com.quantserve.sol 72 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\cdn1.ustream.tv\viewer.sol 77 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\chatango.com\fixed_id.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\chatango.com\mini_login.sol 48 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\core.videoegg.com\#com\videoegg\Lookery.sol 148 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\core.videoegg.com\#com\videoegg\Tearsheet.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\core.videoegg.com\#ve\admanager.sol 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\core.videoegg.com\com.quantserve.sol 72 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.scribd.com\ScribdViewer.swf\instance_identifier.sol 79 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.scribd.com\ScribdViewer.swf\scribdSettings.sol 104 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.yimg.com\COSMOSPrefs.sol 76 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.yimg.com\COSMOS_FOP.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.yimg.com\VolumePrefs.sol 55 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\d.yimg.com\YEPBWPrefs.sol 71 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\disney.go.com\hsm3sound.sol 38 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\disney.go.com\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\e.blip.tv\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\earth.google.com\datastore.swf\googleEarthSettings.sol 41 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\entertainment.mtvnservices.com\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\entertainment.mtvnservices.com\[[IMPORT]]\media.mtvnservices.com\player\release\DownShiftHistory.sol 59 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\entertainment.mtvnservices.com\[[IMPORT]]\media.mtvnservices.com\player\release\MetadataHistory.sol 1.64KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\entertainment.mtvnservices.com\[[IMPORT]]\media.mtvnservices.com\player\release\playerCounter.sol 230 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\entertainment.mtvnservices.com\[[IMPORT]]\media.mtvnservices.com\player\release\userPrefs.sol 431 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\14146\games\adrenalinechallenge\adrenalinechallenge.swf\kianisMoto.sol 453 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\14147\games\burgerrestaurant\burgerrestaurant.swf\Burger_Restaurant2.sol 1.41KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\14152\games\heliattack3\heliattack3571681110.swf\heliattack3.sol 2.62KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\games\planetracer\2planetracer.swf\user_data.sol 2.90KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\nohotlinking\roadburner\roadburner.swf\roadburner.sol 3.87KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\files.freeonlinegames.com\_ne_n2nn_NEVER_SETTINGS.sol 154 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\flash.quantserve.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\flash.revver.com\player\1.0\core.swf\revverplayer.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\flashservice.xvideos.com\sitevideos\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\flashtalking.com\ft2837-2.sol 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\freeonlinegames.com\14137\games\gangsterlife\2gangsterlife.swf\datagta.sol 890 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\freeonlinegames.com\exgames\simtaxi\2simtaxi.swf\datataxi.sol 663 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\googleads.g.doubleclick.net\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\graboid.com\pap20.sol 45 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\ht.cdn.turner.com\CN_users.sol 143 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\ht.cdn.turner.com\toon\games\ben10\foreverdefense\mainBenAF.swf\dataScore.sol 45 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\i.cartoonnetwork.com\counter.sol 103 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\i.cdn.turner.com\CN_users.sol 155 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\i.cdn.turner.com\counter.sol 613 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\im.afy11.net\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\images.video.msn.com\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\img.123greetings.com\eventsnew\enov_hariraya\9541-001-14-1047.swf\storeVolume.sol 69 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\img.123greetings.com\eventsnew\enov_hariraya\9541-001-21-1115.swf\storeVolume.sol 69 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\lads.myspace.com\videos\Main.swf\preferences.sol 192 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\lads.myspace.com\videos\vplayer.swf\preferences.sol 153 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\login.yahoo.com\loginCache.sol 158 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mail.google.com\wakeup.sol 37 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_BrandAdHistory.sol 152 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_CampaignHistory.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_CatFreqHist.sol 501 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_DayFreqCap.sol 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_RPCAdHistory.sol 946 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.scanscout.com\SS_ARE_UserData.sol 219 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\media.socialvibe.com\sv.sol 52 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mochiads.com\com.mochiads.sol 614 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mochibot.com\com.mochibot.sol 105 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mogulus-system.s3.amazonaws.com\web\grid\PlayerV2.swf\connectionTester.sol 75 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mogulus-system.s3.amazonaws.com\web\grid\PlayerV2.swf\playerCookie.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\mogulus-system.s3.amazonaws.com\web\grid\PlayerV2.swf\soClientInfo.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\msnbcmedia.msn.com\playerConfigplayerConfig3032619.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\oddcast.com\oddcast_so.sol 190 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\player.stickam.com\1015547.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\player.stickam.com\player_top.sol 50 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\porn.com\flow\flowplayer.commercial-3.0.2.swf\org.flowplayer.sol 60 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\pub.widgetbox.com\wbx_cookie.sol 42 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\pub.widgetserver.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\publish.vx.roo.com\vxFlashPlayer_0bc72527-aa8e-4487-a5e8-94aae448c9dd.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\redir.adap.tv\redir\client\AdPlayer8\AdPlayer8-21.1_012697.swf\adap.tv.sol 53 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\redir.adap.tv\redir\client\AdPlayer8\AdPlayer8-22.9_014313.swf\adap.tv.sol 53 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\resources-p2.imeem.com\com.quant.got.served.sol 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\resources-p2.imeem.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.mcstatic.com\MetacafeFlashVideoPlayer.sol 64 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.mcstatic.com\userItemRanks.sol 172 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.mcstatic.com\UUID.sol 68 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.mcstatic.com\version.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.ytimg.com\moduleData.sol 75 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.ytimg.com\soundData.sol 58 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\s.ytimg.com\videostats.sol 199 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\schedule.cartoonnetwork.com\CN_users.sol 64 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\share.youthwant.com.tw\soundData.sol 58 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\skype.com\#ui\preferences.sol 216 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\sodahead.com\enc_data.sol 262 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\spe.atdmt.com\ds\HHHBOLIMULMP\AT2008_Adroit3_rev_300x250.swf\Adroit_id.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.animoto.com\clearspring.sol 696 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.eventful.com\com.eventful.logging.spids.sol 120 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.pplaylist.com\players\mp3player_new.swf\ppl5.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.pplaylist.com\players\mp3player_new_v60.swf\ppl4.sol 52 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.pplaylist.com\players\mp3player_new_v67.swf\ppl4.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.pplaylist.com\players\searchplayer_v7.swf\ppl5.sol 149 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.spankwire.com\player\player.swf\flv_player_settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\static.trialpay.com\swf\logo.swf\helpData.sol 120 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\stuff.pyzam.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\tubemogul.com\StreamMinerInfo.sol 59 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\twitter.com\flash\twitter_badge.swf\OdeoPodcastPlayerColors.sol 65 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\us.mg2.mail.yahoo.com\cookies.sol 67 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\userplane.com\Userplane_Chat.sol 50 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.flashtalking.com\ft2811-4.sol 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.flashtalking.com\ft2923-2.sol 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.google.com\videostats.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.xnxx.com\sitevideos\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.xnxx.com\sitevideos\flv_player_site_v4.swf\VolCookie.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\video.xnxx.com\sitevideos\xv-player.swf\hexaplayerVolumeCookie.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\vizu.com\acUserData.sol 253 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\vo.llnwd.net\b3ncookie.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\webmessenger.yahoo.com\eden_cookie.sol 1.30KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget-41.slide.com\user_loc_lat.sol 48 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget-41.slide.com\user_loc_lon.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget-41.slide.com\user_loc_string.sol 64 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget-cdn.meebo.com\com.quantserve.sol 74 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget-cdn.meebo.com\mm.sol 435 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widget.slide.com\spp.sol 39 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widgets.clearspring.com\clearspring.sol 909 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\widgets.nbcuni.com\astrology\HoroscopesWanProd3.swf\myHoroType.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\wp.vizu.com\vizuUserData.sol 1.63KB
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.badjojo.com\xmoov_flv\player\xmoov.sol 36 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.badjojo.com\xmoov_flv\player\xmoov_younoob.sol 73 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.bbc.co.uk\topgear\swf\topgear_videopromo.swf\topgearsettings.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.blinkx.com\f2\player.swf\blinkxSombreroPlayer.sol 159 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.blogger.com\img\videoplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.co.uk\microsites\ben10\main.swf\application-name.sol 53 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.co.uk\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\CN_users.sol 111 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\games\ben10\bentotherescue\kernel.swf\bentotherescue.sol 68 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\games\chopsocky\bigtrouble\Chops.swf\score.sol 41 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\games\naruto\chuninshowdown\main.swf\naruto_cs.sol 127 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.cartoonnetwork.com\VideoBrowser.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.comedycentral.com\comedy_central_video.sol 57 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.dailymotion.com\flash\dmplayer\dmplayer.swf\dmplayer.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.eonline.com\analytics.sol 419 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.eonline.com\volumeLevelAS3.sol 53 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.excitementinthecity.com.my\analytics.sol 444 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.flashearth.com\flashearth.swf\flashEarth.sol 173 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.flickr.com\apps\video\video_player_prefs2.sol 61 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.freeonlinegames.com\nohotlinking\day_drive\day_drive.dcr\day_drive.sol 176 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.freeonlinegames.com\nohotlinking\sandboard\sandboard.dcr\sandboard_fog.sol 180 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.he.playlist.com\com.jeroenwijering.players.sol 66 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.he.playlist.com\mc\mp3player_new.swf\ppl4.sol 69 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.he.playlist.com\mc\searchplayer.swf\ppl4.sol 147 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.he.playlist.com\players\573a\mp3player.swf\ppl5.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.karaokeparty.com\user_profile.sol 71 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.mbusa.com\mercedes\MBHome.swf\uuidData.sol 127 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.mikestar.com\de\flashplayer\KaraokePlayer_preview.swf\karaokeSettings.sol 114 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.myinternet.com.my\storeValue.sol 77 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.porn.com\flow\flowplayer.commercial-3.0.2.swf\org.flowplayer.sol 60 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.pornhub.com\players\MX\v1\player_v1.5.2.swf\ph_options.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.pornhub.com\players\MX\v1\player_v1.5.6.swf\ph_options.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.pornhub.com\players\pornhub_2.swf\ph_options.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.pornhub.com\players\pornhub_embed_2.swf\ph_options.sol 49 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.pornotube.com\soundData.sol 58 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.porntube.com\player\AAVideoFlyPlayerPreview.swf\previews.sol 51 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.porntube.com\player\AAVideoFlyPlayerPreview.swf\volume.sol 42 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.proxysib.com\com.quantserve.sol 72 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.proxysib.com\viewer.sol 60 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.redtube.com\_playerx\flash\client_players\redtube\xmoov-flv-player3.swf\xmoov.sol 78 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.redtube.com\_playerx\flash\client_players\redtube\xmoov-flv-player3.swf\xmoov_redtube_original.sol 78 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.spankwire.com\Player\player.swf\flv_player_settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.spankwire.com\Player\xmoov-flv-player.swf\xmoov.sol 36 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.spankwire.com\Player\xmoov-flv-player.swf\xmoov_vitaminAB.sol 71 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.supernovatube.com\com.jeroenwijerin.players.sol 65 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.symantec.com\s_br.sol 41 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.theflip.com\flash\swf\VideoModule.swf\visitCheck.sol 53 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.ustream.tv\com.quantserve.sol 72 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.ustream.tv\viewer.sol 271 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.xatech.com\chat.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.xvideos.com\sitevideos\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol 54 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.xvideos.com\sitevideos\flv_player_site_v4.swf\VolCookie.sol 46 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.youtube.com\soundData.sol 58 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www.youtube.com\videostats.sol 199 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www3.mercedes-benz.com\mbcom_v4\swf\mbcom.swf\slideshow.sol 50 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\www3.mercedes-benz.com\s_br.sol 35 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\wwwstatic.megaporn.com\megavideouser.sol 63 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\wwwstatic.megavideo.com\megavideoads.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\wwwstatic.megavideo.com\megavideouser.sol 65 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CG8RBUKN\youtube.com\soundData.sol 58 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a727.ac-images.mspcdn.com\settings.sol 95 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#acvs.mediaonenetwork.net\settings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#airdownload.adobe.com\settings.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bandtools.nabbr.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cartoonnetwork.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-ll-static.viddler.com\settings.sol 95 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-static.viddler.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.channel.aol.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.cloudfiles.mosso.com\settings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gigya.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.lookery.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.smugmug.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.turner.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com\settings.sol 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.ustream.tv\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#chatango.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.scribd.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com\settings.sol 80 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#disney.go.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#e.blip.tv\settings.sol 79 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#entertainment.mtvnservices.com\settings.sol 100 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.freeonlinegames.com\settings.sol 95 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.revver.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flashservice.xvideos.com\settings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flashtalking.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#freeonlinegames.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#googleads.g.doubleclick.net\settings.sol 97 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#graboid.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ht.cdn.turner.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.cartoonnetwork.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.cdn.turner.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#im.afy11.net\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.amazon.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.video.msn.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.123greetings.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#maps.google.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.socialvibe.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mogulus-system.s3.amazonaws.com\settings.sol 101 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#msnbcmedia.msn.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#oddcast.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol 99 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#paultan.org\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.cold-link.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.stickam.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#porn.com\settings.sol 78 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetserver.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#publish.vx.roo.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#redir.adap.tv\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources-p2.imeem.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources-p3.imeem.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.mcstatic.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#schedule.cartoonnetwork.com\settings.sol 97 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#share.youthwant.com.tw\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#skype.com\settings.sol 79 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sodahead.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#spe.atdmt.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.animoto.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.eventful.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.pplaylist.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.shiftdelete.net\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.spankwire.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.trialpay.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.twitter.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stuff.pyzam.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubemogul.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#twitter.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.mg2.mail.yahoo.com\settings.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#userplane.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.xnxx.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vizu.com\settings.sol 78 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vo.llnwd.net\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#webmessenger.yahoo.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget-41.slide.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget-cdn.meebo.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget.slide.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.clearspring.com\settings.sol 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.nbcuni.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wisevid.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wp.vizu.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.badjojo.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bbc.co.uk\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blinkx.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blogger.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.cartoonnetwork.co.uk\settings.sol 94 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.cartoonnetwork.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.comedycentral.com\settings.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.driveeverydrop.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.eonline.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.excitementinthecity.com.my\settings.sol 100 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.flashearth.com\settings.sol 88 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.flickr.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.freeonlinegames.com\settings.sol 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.he.playlist.com\settings.sol 89 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.karaokeparty.com\settings.sol 90 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mbusa.com\settings.sol 83 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.midomi.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mikestar.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.myinternet.com.my\settings.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.porn.com\settings.sol 82 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornhub.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornotube.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.porntube.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.proxysib.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.spankwire.com\settings.sol 87 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.supernovatube.com\settings.sol 91 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.symantec.com\settings.sol 86 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.theflip.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ustream.tv\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xatech.com\settings.sol 84 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xvideos.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www3.mercedes-benz.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wwwstatic.megaporn.com\settings.sol 92 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wwwstatic.megavideo.com\settings.sol 93 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol 81 bytes
C:\Users\Mahmud65\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 3.17KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{1907842A-BDD9-4103-97CA-44FAAB203D2A} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{3A5FFC4E-7120-4867-8A74-005FF510C404} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{4E9442A9-C384-4515-86AB-FCD775D9109C} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{8A97DE04-7032-412A-BB42-5AF9347DEDF5} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{9B991A87-92CB-47EB-A08F-5919A0A5308D} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{A1C6EB3B-C7B2-4D60-875B-BB6DAADC18AF} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{AE130AA4-FCBA-4FC7-A507-9D01856D6B65} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{DF54BF80-2A17-46E3-8B50-C0E703CB879F} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{E5087EFD-0A38-460A-9F2F-6394757069EB} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{EADED2C4-D3EB-4C91-9D2F-9D6C9AED03EA} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{F0A6BCB0-FFB0-4212-BFC6-9CA017020165} 5.43KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{26A678C8-0889-45A4-92EE-3BFEBC01363C} 5.71KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{497EB83D-54AA-4624-8B0D-69DA3C366089} 5.76KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{61BF3436-DE19-4C0F-9197-069CF446C26E} 5.72KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7CC6BA9E-114E-4B2C-B013-6B0F3B744AD6} 5.75KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7FE64615-5EC7-4786-A2EE-AAB7F94AD688} 5.72KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8C6E263C-C894-469E-8CFF-EECBB9A9F1D2} 6.36KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9155032D-11A4-4778-AA2F-EA1C2A5615E1} 6.33KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BDB85761-DA77-413F-A34D-8CD053F8683B} 5.71KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C2951145-083D-41E2-BDB6-3BCF92CDEA6D} 6.35KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CF37EB12-2F9A-4CC9-8133-04EACDEA261C} 5.78KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F5145217-D680-4022-9A5B-F5FF0D76C67A} 5.71KB
------------------------------------------------------------------------------------------

AdvancedSetup

Apr 27 2009, 08:04 AM

Keep an eye on the system and let let me know if you still keep seeing such a large change in disk space. Remember that a certain amount is normal due to swap file changes by the system, what you're running, etc.

Azlan

Apr 27 2009, 08:18 AM

Running OTMOveIt

AdvancedSetup

Apr 27 2009, 09:16 AM

As an aside on this subject of your disk space please take a look at this article as pointed out to me by Exile360

The Secret Of Windows Vista Winsxs Folder

DO NOT Delete this folder though This is just information to review.

AdvancedSetup

Apr 29 2009, 08:03 AM

So how are things going now? Are you still having any issues?

Azlan

Apr 29 2009, 09:23 AM

QUOTE (AdvancedSetup @ Apr 29 2009, 04:03 PM)

So how are things going now? Are you still having any issues?

Not really. i might buy a larger hard drive for the laptop... now its 10GB left

AdvancedSetup

Apr 29 2009, 09:30 AM

Please take a look at TreeSize and see if it can help you determine where all the space is going.

http://www.jam-software.com/freeware/index.shtml

Azlan

Apr 29 2009, 10:15 AM

QUOTE (AdvancedSetup @ Apr 29 2009, 05:30 PM)

Please take a look at TreeSize and see if it can help you determine where all the space is going.

http://www.jam-software.com/freeware/index.shtml

AdvancedSetup

Apr 29 2009, 10:26 AM

I'd drill down into USERS and DOWNLOADS and remove stuff that is no longer needed.
Make sure you know what you're removing though and have a backup (which one should always do, even when there are no problems with the system)

Azlan

Apr 29 2009, 10:47 AM

Okay

AdvancedSetup

Apr 30 2009, 01:06 AM

Well unless you have some other concern it does not appear that the box currently has any Malware infections left on the box so I'll soon close the post.

Please run the following to remove any tools that might have been used during the scaning and cleaning of your system.

STEP A

Uninstall ComboFix.exe
Click START then RUN
Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed

STEP B

Uninstall GMER
Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.

STEP C

Uninstall other tools
Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe to run it.
While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes and allow the system to clean up these items.
NOW please reboot your computer to finish the cleanup process

I'll close your post soon so that other don't post into it and leave you with this information and suggestions.
So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-VISTA

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore-Vista
Click the Vista/Start icon.
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click "Turn Off System Restore" at the prompt then click "Apply".
Restart your computer.

Turn ON System Restore-Vista
Click the Vista/Start icon
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously then click "Apply".

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.
(Vista users, you must ensure that any program versions downloaded are Vista compatible BEFORE installing)

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad,
tracking and malicious websites. This prevents your computer from connecting to these untrusted sites
by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Enable automatic Windows Update on your system in Control Panel, or at least manually scan each week for updates.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic well and this is a must. I recommend Comodo Firewall Pro

A little outdated but good reading on how to prevent Malware

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

Azlan

Apr 30 2009, 07:40 AM

Ok. you an close it. thx for the help. ill be back in a new topic if ill get a problem with another computer

AdvancedSetup

Apr 30 2009, 07:41 AM

Okay then. Take care and keep safe out there.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.