Dear Screen317,
Terribly sorry for the late reply as the telco fixed-line network was caught on fire and down in my area. The network had been restored yesterday and the following are the COMBOFIX and DDS logs:
ComboFix 09-08-07.09 - Ho Nyuk Shiong 08-Aug-09 14:27.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.915 [GMT 8:00]
Running from: c:\documents and settings\Ho Nyuk Shiong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ho Nyuk Shiong\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\system32\drivers\bgigdz.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lkclmltm
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-07 13:29 . 2009-08-07 13:29 152576 ----a-w- c:\documents and settings\Ho Nyuk Shiong\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 08:50 . 2009-08-04 08:50 -------- d-sh--w- c:\windows\ftpcache
2009-08-04 08:14 . 2009-06-29 20:11 875728 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\NAVEX15.SYS
2009-08-04 08:14 . 2009-06-29 20:11 87888 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\NAVENG.SYS
2009-08-04 08:14 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\NAVEX32A.DLL
2009-08-04 08:14 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\NAVENG32.DLL
2009-08-04 08:14 . 2009-08-03 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\ECMSVR32.DLL
2009-08-04 08:14 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\CCERASER.DLL
2009-08-04 08:14 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\ERASER.SYS
2009-08-04 08:14 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0605.vdb\EECTRL.SYS
2009-08-04 02:19 . 2009-08-04 02:19 -------- d-----w- C:\My Lockbox
2009-07-29 08:45 . 2009-07-29 08:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-27 03:27 . 2009-07-27 03:27 -------- d-----w- c:\windows\system32\NtmsData
2009-07-10 13:40 . 2009-07-10 13:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-10 13:29 . 2009-07-10 13:29 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-07-10 13:29 . 2009-07-10 13:29 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-07-09 10:30 . 2009-07-13 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 10:30 . 2009-07-13 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 10:30 . 2009-07-29 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 06:36 . 2008-07-21 03:03 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-07 13:32 . 2008-07-19 10:06 -------- d-----w- c:\program files\Java
2009-08-07 12:32 . 2008-07-19 07:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-04 02:19 . 2008-07-23 00:23 -------- d-----w- c:\program files\My Lockbox
2009-08-01 06:15 . 2009-07-07 11:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-27 10:53 . 2009-01-11 13:49 -------- d-----w- c:\program files\lx_cats
2009-07-25 11:25 . 2009-07-25 11:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2009-07-25 11:25 . 2009-07-25 11:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2009-07-25 11:24 . 2009-05-01 06:01 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-07-25 11:24 . 2009-07-02 12:16 -------- d-----w- c:\program files\Motorola
2009-07-24 21:23 . 2009-06-27 03:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 00:49 . 2009-06-12 09:52 -------- d-----w- c:\documents and settings\Ho Nyuk Shiong\Application Data\SUPERAntiSpyware.com
2009-07-14 00:49 . 2008-07-21 06:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 00:49 . 2009-06-12 09:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 12:30 . 2009-07-08 12:30 -------- d-----w- c:\program files\Nitro PDF
2009-07-06 23:40 . 2009-07-06 23:40 -------- d-----w- c:\documents and settings\Ho Nyuk Shiong\Application Data\Apple Computer
2009-07-06 23:34 . 2009-07-06 23:34 -------- d-----w- c:\program files\QuickTime
2009-07-06 23:34 . 2009-07-06 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-06 23:34 . 2009-07-06 23:34 -------- d-----w- c:\program files\Apple Software Update
2009-07-06 23:34 . 2009-07-06 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 00:15 . 2009-07-03 00:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-03 00:12 . 2009-07-03 00:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-03 00:05 . 2009-07-03 00:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-03 00:05 . 2009-01-23 10:31 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-03 00:05 . 2009-01-22 14:54 -------- d-----w- c:\program files\Nokia
2009-07-03 00:05 . 2009-07-03 00:05 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-19 08:59 . 2009-07-02 12:17 19712 ----a-w- c:\windows\system32\drivers\motccgp.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 12:28 . 2008-11-07 02:53 -------- d-----w- c:\program files\AREVA T&D
2009-06-13 10:18 . 2008-07-19 13:19 -------- d-----w- c:\program files\Foxit Software
2009-06-12 07:46 . 2009-01-11 13:44 -------- d-----w- c:\program files\Lexmark Toolbar
2009-06-09 10:35 . 2009-06-09 10:35 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-09 10:35 . 2009-06-09 10:35 -------- d-----w- c:\program files\Atheros
2009-06-07 04:09 . 2009-06-07 04:09 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-07 04:09 . 2009-06-07 04:09 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-07 04:09 . 2009-06-07 04:09 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-07 04:09 . 2009-06-07 04:09 24376008 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-11 04:47 . 2009-05-11 04:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2008-08-26 12:21 . 2008-08-26 12:18 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-10-09 05:35 . 2009-03-24 23:11 155648 ----a-w- c:\program files\internet explorer\plugins\CFCPlugInBase.dll
2007-10-09 05:34 . 2009-03-24 23:11 270336 ----a-w- c:\program files\internet explorer\plugins\SigraPlugInBase.dll
2007-10-09 05:33 . 2009-03-24 23:11 192512 ----a-w- c:\program files\internet explorer\plugins\TAGrid07.dll
2007-05-09 07:33 . 2009-03-24 23:11 147456 ----a-w- c:\program files\internet explorer\plugins\TransientRecordingManager01.dll
2006-03-15 05:42 . 2009-03-24 23:11 94208 ----a-w- c:\program files\internet explorer\plugins\unzdll.dll
2007-10-09 05:34 . 2009-03-24 23:11 270336 ----a-w- c:\program files\mozilla firefox\plugins\SigraPlugInBase.dll
2007-10-09 05:33 . 2009-03-24 23:11 192512 ----a-w- c:\program files\mozilla firefox\plugins\TAGrid07.dll
2007-05-09 07:33 . 2009-03-24 23:11 147456 ----a-w- c:\program files\mozilla firefox\plugins\TransientRecordingManager01.dll
2006-03-15 05:42 . 2009-03-24 23:11 94208 ----a-w- c:\program files\mozilla firefox\plugins\unzdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-09_10.56.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 11:41 . 2009-07-11 11:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-08-08 06:35 . 2009-08-08 06:35 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
- 2006-02-28 12:00 . 2009-07-07 23:40 71404 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-07-27 06:35 71404 c:\windows\system32\perfc009.dat
- 2007-08-13 10:54 . 2009-03-07 20:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 10:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2006-02-28 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2009-07-25 11:25 . 2009-01-29 09:15 23680 c:\windows\system32\DRVSTORE\motport_13D3D5DC43EEE2854D06F3DE03A16782B44499DD\motport.sys
+ 2009-07-25 11:25 . 2009-01-29 08:42 23296 c:\windows\system32\DRVSTORE\motousbnet_C747F81EC036F7CC39DC73BC09B6BDEB36EA40EC\Motousbnet.sys
+ 2009-07-25 11:25 . 2009-05-08 03:56 42752 c:\windows\system32\DRVSTORE\motodrv_989F8AB3F0FB5FD805F730766660F315531116DF\motodrv.sys
+ 2009-07-25 11:25 . 2009-01-29 09:15 23680 c:\windows\system32\DRVSTORE\motmodem_296B472DCD0F817CC80C723B86EEF842F9F0DD28\motmodem.sys
+ 2009-07-25 11:25 . 2009-06-19 08:59 19712 c:\windows\system32\DRVSTORE\motccgp_2B0E40CD867DD282CA1027F9A569698F0546883A\motccgp.sys
+ 2009-07-02 12:17 . 2009-05-08 03:56 42752 c:\windows\system32\drivers\motodrv.sys
+ 2009-06-12 09:03 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 09:03 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-07-20 00:58 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-07-20 00:58 . 2009-03-07 20:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-02-28 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
- 2008-07-23 10:26 . 2009-06-12 09:55 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-07-25 11:24 . 2009-07-25 11:24 22486 c:\windows\Installer\{411F092D-9873-44EB-A886-8A140AA8F31A}\_A2553D7E764A549EEF547E.exe
+ 2009-07-25 11:24 . 2009-07-25 11:24 22486 c:\windows\Installer\{411F092D-9873-44EB-A886-8A140AA8F31A}\_6FEFF9B68218417F98F549.exe
+ 2009-07-25 11:24 . 2009-07-25 11:24 21462 c:\windows\Installer\{411F092D-9873-44EB-A886-8A140AA8F31A}\_5F50FFC72A3372C6428685.exe
+ 2009-07-25 11:24 . 2009-07-25 11:24 22486 c:\windows\Installer\{411F092D-9873-44EB-A886-8A140AA8F31A}\_380B380747675BB8919EA0.exe
+ 2009-07-29 14:04 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 14:04 . 2009-03-07 20:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-07-25 11:25 . 2009-05-06 11:16 6656 c:\windows\system32\DRVSTORE\motusbdevi_3E0A5922E68751FB5ECB83154D92385876042AA4\motusbdevice.sys
+ 2009-07-25 11:25 . 2007-11-02 07:51 6400 c:\windows\system32\DRVSTORE\motousbnet_C747F81EC036F7CC39DC73BC09B6BDEB36EA40EC\motswch.sys
+ 2009-07-25 11:25 . 2009-01-29 09:11 6016 c:\windows\system32\DRVSTORE\motousbnet_C747F81EC036F7CC39DC73BC09B6BDEB36EA40EC\motfilt.sys
+ 2009-07-25 11:25 . 2006-07-28 13:10 6144 c:\windows\system32\DRVSTORE\motodrv_989F8AB3F0FB5FD805F730766660F315531116DF\mot_ci.dll
+ 2009-07-25 11:25 . 2007-11-02 07:51 6400 c:\windows\system32\DRVSTORE\motccgp_2B0E40CD867DD282CA1027F9A569698F0546883A\motswch.sys
+ 2009-07-25 11:25 . 2009-01-29 09:18 8320 c:\windows\system32\DRVSTORE\motccgp_2B0E40CD867DD282CA1027F9A569698F0546883A\motccgpfl.sys
- 2009-07-02 12:17 . 2008-08-21 10:49 8320 c:\windows\system32\drivers\motccgpfl.sys
+ 2009-07-02 12:17 . 2009-01-29 09:18 8320 c:\windows\system32\drivers\motccgpfl.sys
+ 2008-07-23 10:26 . 2009-07-18 14:20 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-08 06:33 . 2009-08-08 06:33 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-08 06:33 . 2009-08-08 06:33 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2006-02-28 12:00 . 2009-07-07 23:40 441252 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-07-27 06:35 441252 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2007-08-13 10:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 10:54 . 2009-03-07 20:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-08-07 13:32 . 2009-07-24 21:23 149280 c:\windows\system32\javaws.exe
+ 2009-08-07 13:32 . 2009-07-24 21:23 145184 c:\windows\system32\javaw.exe
+ 2009-08-07 13:32 . 2009-07-24 21:23 145184 c:\windows\system32\java.exe
+ 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2006-02-28 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2009-07-25 11:25 . 2009-03-02 14:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
+ 2009-07-25 11:25 . 2009-03-02 14:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys
- 2006-02-28 12:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
- 2008-07-20 00:58 . 2009-03-07 20:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-07-20 00:58 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 09:03 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 09:03 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-29 14:04 . 2009-07-29 14:04 248832 c:\windows\Installer\6e7d9a.msi
+ 2008-07-23 10:26 . 2009-07-18 14:20 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-23 10:26 . 2009-07-18 14:20 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-23 10:26 . 2009-06-12 09:55 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-18 08:05 . 2009-01-18 08:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-29 14:04 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 14:05 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 14:05 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 14:04 . 2009-03-07 20:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 14:04 . 2009-03-07 20:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 14:04 . 2009-03-07 20:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 14:04 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-08 06:33 . 2009-08-08 06:33 446464 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-08 06:33 . 2009-08-08 06:33 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-08 06:33 . 2009-08-08 06:33 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2007-08-13 10:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2009-07-25 11:25 . 2008-03-27 09:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_3E0A5922E68751FB5ECB83154D92385876042AA4\wdfcoinstaller01007.dll
+ 2009-07-25 11:25 . 2008-03-27 09:49 1112288 c:\windows\system32\DRVSTORE\motport_13D3D5DC43EEE2854D06F3DE03A16782B44499DD\wdfcoinstaller01007.dll
+ 2009-07-25 11:25 . 2008-03-27 09:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_C747F81EC036F7CC39DC73BC09B6BDEB36EA40EC\wdfcoinstaller01007.dll
+ 2009-07-25 11:25 . 2008-03-27 09:49 1112288 c:\windows\system32\DRVSTORE\motmodem_296B472DCD0F817CC80C723B86EEF842F9F0DD28\wdfcoinstaller01007.dll
+ 2009-07-25 11:25 . 2008-03-27 09:49 1112288 c:\windows\system32\DRVSTORE\motccgp_2B0E40CD867DD282CA1027F9A569698F0546883A\wdfcoinstaller01007.dll
+ 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-02-28 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-20 00:58 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-25 11:24 . 2009-07-25 11:24 3087360 c:\windows\Installer\f1ce8.msi
+ 2009-07-13 05:56 . 2009-07-13 05:56 1563648 c:\windows\Installer\5bf2a.msi
+ 2009-07-24 08:51 . 2009-07-24 08:51 6653952 c:\windows\Installer\184d884.msp
+ 2009-06-30 03:30 . 2009-06-30 03:30 5520384 c:\windows\Installer\153062.msp
+ 2008-12-18 08:48 . 2008-12-18 08:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 14:04 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-08-08 06:33 . 2009-08-08 06:33 7761920 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2008-07-19 09:22 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2007-08-13 10:54 . 2009-07-19 10:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-07-20 00:58 . 2009-07-19 10:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-07-31 10:48 . 2009-07-31 10:48 15705600 c:\windows\Installer\35f830.msp
+ 2009-07-22 11:17 . 2009-07-22 11:17 15706112 c:\windows\Installer\264f46.msp
+ 2009-02-27 08:37 . 2009-02-27 08:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
+ 2009-07-29 14:04 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-16 124656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-03-25 335961]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-07-15 996608]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2009-03-04 1074352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-12-06 88363]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=2 (0x2)
"fsproflt"=2 (0x2)
"idsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AREVA T&D\\MiCOM S1 Studio\\Studio\\Studio.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [16-Apr-09 8:50 PM 43792]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\SIEMENS\sws\almsrv\almsrvx.exe [25-Mar-09 7:10 AM 770110]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [16-Apr-09 8:50 PM 73344]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [25-Jul-09 7:24 PM 91392]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\SIEMENS\S7IEPG\s7oiehsx.exe [25-Mar-09 7:09 AM 208968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-Jun-09 8:37 AM 101936]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 MICOMPar;MICOMPar;c:\windows\system32\drivers\micompar.sys [03-Jan-08 11:53 AM 13488]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [02-Jul-09 8:17 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [02-Jul-09 8:17 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [02-Jul-09 8:17 PM 42752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03-Jul-09 8:04 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03-Jul-09 8:04 AM 8320]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17-Mar-06 6:34 AM 115952]
S4 s7asysvx;S7 Global Services;c:\siemens\Digsi4\Manager\S7bin\s7asysvx.exe [25-Mar-09 7:09 AM 69685]
S4 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\SIEMENS\Automation\TraceEngine\bin\S7TraceServiceX.exe [25-Mar-09 7:09 AM 163840]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
2009-07-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 09:04]
2009-08-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 09:04]
2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{AE4E4ED5-FE4A-45D5-BD51-DE4E4907BAE3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intra.sesb.com.my/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://mys.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://malaysia.search.yahoo.com/search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {79C44ADF-8C8E-4608-BC03-9B8E1DA3DFA6} = 202.188.0.133 202.188.1.5
FF - ProfilePath - c:\documents and settings\Ho Nyuk Shiong\Application Data\Mozilla\Firefox\Profiles\4r7wvdat.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\documents and settings\Ho Nyuk Shiong\Application Data\Mozilla\Firefox\Profiles\4r7wvdat.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSigra.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-08 14:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-842925246-1004336348-682003330-1003\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Excel\Settings\E*x*p*o*r*t* *p*a*r*a*m*e*t*e*r*s* *t*o*& \File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
[HKEY_USERS\S-1-5-21-842925246-1004336348-682003330-1003\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Excel\Settings\E*x*p*o*r*t* *p*a*r*a*m*e*t*e*r*s* *t*o*& \View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\acs.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\locator.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\lxcycoms.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2009-08-08 14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 06:42
ComboFix2.txt 2009-07-19 23:27
ComboFix3.txt 2009-07-12 10:39
ComboFix4.txt 2009-07-09 10:59
Pre-Run: 15,334,555,648 bytes free
Post-Run: 15,225,638,912 bytes free
379 --- E O F --- 2009-07-31 10:48
++++++++++++++++++++++++++++++++++
DDS (Ver_09-06-26.01) - NTFSx86
Run by Ho Nyuk Shiong at 14:44:22.65 on 08-Aug-09
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.876 [GMT 8:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Common Files\SIEMENS\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\SIEMENS\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\explorer.exe
D:\Downloads\HJT Tools\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://intra.sesb.com.my/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://mys.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://malaysia.search.yahoo.com/search
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRunOnce: [<NO NAME>]
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216458990328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {79C44ADF-8C8E-4608-BC03-9B8E1DA3DFA6} = 202.188.0.133 202.188.1.5
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\honyuk~1\applic~1\mozilla\firefox\profiles\4r7wvdat.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\documents and settings\ho nyuk shiong\application data\mozilla\firefox\profiles\4r7wvdat.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSigra.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-4-16 43792]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 almservice;Automation License Manager Service;c:\program files\common files\siemens\sws\almsrv\almsrvx.exe [2009-3-25 770110]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-4-16 73344]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-7-25 91392]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2009-3-25 208968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-27 101936]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\naveng.sys [2009-8-8 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\navex15.sys [2009-8-8 875728]
R3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
S2 MICOMPar;MICOMPar;c:\windows\system32\drivers\micompar.sys [2008-1-3 13488]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-7-2 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-7-2 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-7-2 42752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-7-3 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-7-3 8320]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
S4 s7asysvx;S7 Global Services;c:\siemens\digsi4\manager\s7bin\s7asysvx.exe [2009-3-25 69685]
S4 S7TraceServiceX;S7TraceServiceX;c:\program files\common files\siemens\automation\traceengine\bin\S7TraceServiceX.exe [2009-3-25 163840]
=============== Created Last 30 ================
2009-08-04 16:50 <DIR> --dsh--- c:\windows\ftpcache
2009-08-04 10:19 <DIR> --d----- C:\My Lockbox
2009-07-27 11:27 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-25 19:25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2009-07-25 19:25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2009-07-13 13:57 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-09 18:57 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 18:51 <DIR> a-dshr-- C:\cmdcons
2009-07-09 18:44 216,064 a------- c:\windows\PEV.exe
2009-07-09 18:44 161,792 a------- c:\windows\SWREG.exe
2009-07-09 18:44 98,816 a------- c:\windows\sed.exe
2009-07-09 18:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 18:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-04 01:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 08:15 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-03 08:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-02 20:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-07-02 20:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-30 21:16 0 a------- C:\BOOT.DAT
2009-06-30 21:15 0 a------- c:\documents and settings\ho nyuk shiong\BOOT.DAT
2009-06-19 16:59 19,712 a------- c:\windows\system32\drivers\motccgp.sys
2009-06-16 22:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 22:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-09 18:35 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-04 03:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-01 14:00 92,064 a------- c:\documents and settings\ho nyuk shiong\mqdmmdm.sys
2009-05-01 14:00 79,328 a------- c:\documents and settings\ho nyuk shiong\mqdmserd.sys
2009-05-01 14:00 66,656 a------- c:\documents and settings\ho nyuk shiong\mqdmbus.sys
2009-05-01 14:00 25,600 a------- c:\documents and settings\ho nyuk shiong\usbsermptxp.sys
2009-05-01 14:00 22,768 a------- c:\documents and settings\ho nyuk shiong\usbsermpt.sys
2009-05-01 14:00 9,232 a------- c:\documents and settings\ho nyuk shiong\mqdmmdfl.sys
2009-05-01 14:00 6,208 a------- c:\documents and settings\ho nyuk shiong\mqdmcmnt.sys
2009-05-01 14:00 5,936 a------- c:\documents and settings\ho nyuk shiong\mqdmwhnt.sys
2009-05-01 14:00 4,048 a------- c:\documents and settings\ho nyuk shiong\mqdmcr.sys
2008-08-26 20:21 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
============= FINISH: 14:44:49.85 ===============
Back to top
