hxxp://www.go2000.cn/?2 redirection


This topic is locked
25 replies to this topic

#1 Nikas


Posted 30 December 2009 - 12:14 PM

Hi,

Not sure when it happened, but I found out recently that the IE homepage had been set to hxxp://www.go2000.cn/?2 and I am unable to change it back no matter what. An IE icon is also created on the desktop again each time I delete it. At the same time, I found out that a few weird entries had been inserted into the HOSTS file, which can be seen in the log.

When I wanted to immunize with Spybot, it stated that I was unable to do so.
I couldn't edit the HOSTS file, as it says that access is denied.

Attached are the DDS log and the MBAM, RootRepeal and Dr.Web CureIt express scan logs.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Joseph Gan at 23:36:38.23 on Wed 12/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.732 [GMT 8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\xampp\mysql\bin\mysqld.exe
C:\Program Files\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Joseph Gan\Desktop\cureit.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\RarSFX1\gen4xq.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\RarSFX1\na5kwXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\RootRepeal.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.go2000.cn/?2
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Easy Read: {235a3acd-ebe5-46b2-9bae-b1960f9dc791} - c:\program files\eread\eread\EasyRead.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AddTask Class: {6a19c29d-ed45-4483-8999-9f939c8161f2} - c:\program files\eread\eread\WebHook.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
dRun: [桌面美化秀] c:\program files\jlingk\deskmate.exe
StartupFolder: c:\docume~1\joseph~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Open with &LoadScout... - c:\progra~1\softlo~1\loadsc~1.0\LoadScout.exe/#164
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 http://www.spywareinfo.com
Hosts: 218.1.25.1 dl.360safe.com
Hosts: 218.1.25.1 bbs.360safe.com
Hosts: 218.1.25.1 dl.360.cn
Hosts: 218.1.25.1 bbs.360.cn

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joseph~1\applic~1\mozilla\firefox\profiles\f3gvtnnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q=
FF - component: c:\documents and settings\joseph gan\application data\mozilla\firefox\profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\joseph gan\application data\mozilla\firefox\profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\joseph gan\application data\mozilla\firefox\profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\joseph gan\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.automatic-ntlm-auth.trusted-uris - hxxp://127.0.0.1
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-1-17 39472]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-6-10 34312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2009-11-27 24640]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-6-10 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-9-27 22784]
S2 Application ClipBook;Application ClipBook;c:\windows\system32\mqtljk.exe runsrv /name:"application clipbook" /prinum:"32" /cmdline:"c:\windows\system32\mstsef.tsk" --> c:\windows\system32\mqtljk.exe runsrv [?]
S2 gupdate1c97ec7ea7c4858;Google Update Service (gupdate1c97ec7ea7c4858);c:\program files\google\update\GoogleUpdate.exe [2009-1-25 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 System SSL Messenger;System SSL Messenger;c:\windows\system32\mqtljk.exe runsrv /name:"system ssl messenger" /prinum:"32" /cmdline:"c:\windows\system32\jautdeij.dat" --> c:\windows\system32\mqtljk.exe runsrv [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\joseph~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\joseph~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\joseph~1\locals~1\temp\RRM44.tmp [2009-12-30 25616]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NRKCTL32;NRKCTL32;\??\c:\misc program\wcpuid\nrkctl32.sys --> c:\misc program\wcpuid\NRKCTL32.SYS [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2008-12-20 23992]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [2008-4-23 47552]
S3 XDva132;XDva132;\??\c:\windows\system32\xdva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\xdva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\xdva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]

=============== Created Last 30 ================

2009-12-30 13:50:20 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-24 15:52:00 0 d-----w- c:\program files\common files\Akamai
2009-12-21 15:51:18 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.do
2009-12-21 15:51:12 0 d-----w- c:\documents and settings\joseph gan\funshion
2009-12-21 15:51:11 0 d-----w- c:\program files\Funshion Online
2009-12-21 09:40:08 503885 ----a-w- c:\windows\system32\jautdeij.dat
2009-12-21 09:40:08 503844 ----a-w- c:\windows\system32\syskbds.drv
2009-12-18 12:01:02 159744 ----a-w- c:\windows\Rockdoc.exe
2009-12-07 23:39:04 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-06 10:51:57 0 --sh--r- C:\winx.ld
2009-12-06 10:51:55 203836 --sh--r- C:\grldr
2009-12-06 03:21:16 0 d-----r- c:\program files\Skype
2009-12-04 12:07:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-04 11:02:31 0 d-----w- c:\docume~1\joseph~1\applic~1\DTC
2009-12-04 03:45:26 0 d-----w- c:\program files\DTC-Solutions

==================== Find3M ====================

2009-12-14 16:53:22 98882 ----a-w- c:\windows\War3Unin.dat
2009-12-03 08:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 08:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 12:17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:16:04 31788 ----a-w- c:\windows\fonts\Mumsies.ttf
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-12-24 08:19:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122420081225\index.dat

============= FINISH: 23:37:10.51 ===============


Malwarebytes' Anti-Malware 1.42
Database version: 3454
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/30/2009 10:24:12 PM
mbam-log-2009-12-30 (22-24-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 412129
Time elapsed: 1 hour(s), 38 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.go2000.cn/?2) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) (Hijack.HomePage) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Joseph Gan\Local Settings\temp\liym.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.


EDIT: Deactivated link in topic title.

Edited by elise025, 15 January 2010 - 03:16 AM.


#2 sundavis


Posted 03 January 2010 - 06:19 PM

Hi Nikas,



Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you deal with your malware problems today.

Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done, click on the [Save..] button, type "Gmer.txt" in the File name area, and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons /sub
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace /sub
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /sub
    HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} /sub
    HKEY_CLASSES_ROOT\http\shell\open\command /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 3
  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click the "Quick Scan" button.
  • Two reports will open: OTListIt.txt (opened) and Extra.txt (minimized).
  • Copy and paste both logs back here in your next reply.

In your next reply, please post back:

1. Gmer log
2. SystemLook log
3. OTListIt.txt and Extra.txt

Thanks.
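The SystemLook registry query in Step 2 and the HOSTS entries in the first post are the two places this hijack shows itself. The following Python is an added example, not code from this thread or from SystemLook/DDS: it parses SystemLook-style ":reg" output and DDS "Hosts:" lines, flags an iexplore.exe launch command that carries an appended URL, and flags HOSTS entries that pin security-vendor domains. The sample log text is constructed to mirror the formats posted here, and the key list and domain list are assumptions.

```python
"""Added triage helper (not from this thread or its tools): parses SystemLook
':reg' output and DDS 'Hosts:' lines and flags the homepage-hijack indicators
those logs show. Key and domain lists are assumptions."""
import re

# iexplore.exe launch commands; a hijacker appends its URL so the desktop icon
# re-opens the same page (assumed list: the keys SystemLook was asked to dump).
IEXPLORE_COMMAND_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
    r"HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command",
)
# Security-vendor domains nothing legitimate should pin in HOSTS (assumed list).
SECURITY_DOMAINS = ("360safe.com", "360.cn", "spywareinfo.com")

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]+")\s*=\s*(.*)$')
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_systemlook_reg(text):
    """Return {key: {value_name: data}} from a SystemLook ':reg' section."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            result[current] = {}
            continue
        if current is None or not line or line.startswith("("):
            continue  # section header, blank, or "(No values found)"
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        name, data = value_match.groups()
        name = "(default)" if name == "@" else name.strip('"')
        data = data.strip()
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = data[1:-1]  # SystemLook wraps string data in one extra quote pair
        result[current][name] = data
    return result


def check_iexplore_commands(reg):
    """Return [(key, url)] for launch commands that carry a URL argument."""
    findings = []
    for key in IEXPLORE_COMMAND_KEYS:
        data = reg.get(key, {}).get("(default)", "")
        urls = URL_RE.findall(data)
        if urls:  # a clean command is the exe path plus switches such as -extoff
            findings.append((key, urls[0].rstrip('"')))
    return findings


def check_hosts(dds_lines):
    """Return [(host, ip, kind)] for HOSTS entries touching security-vendor domains."""
    findings = []
    for raw in dds_lines:
        match = HOSTS_RE.match(raw.strip())
        if not match:
            continue
        ip, host = match.groups()
        host = re.sub(r"^https?://", "", host, flags=re.IGNORECASE)  # DDS prints some names as URLs
        if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
            kind = "blocked" if ip in ("127.0.0.1", "0.0.0.0") else "redirected"
            findings.append((host, ip, kind))
    return findings


def triage(systemlook_text, dds_lines):
    """Run both checks and return one report dict."""
    reg = parse_systemlook_reg(systemlook_text)
    return {"iexplore_commands": check_iexplore_commands(reg), "hosts": check_hosts(dds_lines)}


# Constructed sample input mirroring the log formats posted in this thread.
SAMPLE_SYSTEMLOOK = r"""
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2"
"""
SAMPLE_DDS_HOSTS = [
    "Hosts: 127.0.0.1 http://www.spywareinfo.com",
    "Hosts: 218.1.25.1 dl.360safe.com",
    "Hosts: 218.1.25.1 bbs.360.cn",
    "Hosts: 127.0.0.1 localhost",
]

if __name__ == "__main__":
    report = triage(SAMPLE_SYSTEMLOOK, SAMPLE_DDS_HOSTS)
    for key, url in report["iexplore_commands"]:
        print(f"[!] iexplore.exe launch command carries {url}\n    {key}")
    for host, ip, kind in report["hosts"]:
        print(f"[!] HOSTS {kind}: {host} -> {ip}")
```

The NoAddOns command in the sample shows why the check looks for a URL rather than for any extra argument: legitimate switches such as -extoff must not be flagged.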

#3 Nikas


Posted 03 January 2010 - 08:56 PM

Hi sundavis,

I appreciate you taking the time to look over my log.

I would require a few days before I can get back to you, as I am unable to access my Desktop.

Thank you.

#4 sundavis


Posted 04 January 2010 - 12:22 PM

That's OK. Take your time.

#5 Nikas


Posted 07 January 2010 - 10:39 PM

GMER ran for around 10 hours and still hadn't completed. Here are the 2 other logs.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:35 on 08/01/2010 by Joseph Gan (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"Removal Message"="@mydocs.dll,-900"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"


[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"


[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@C:\WINDOWS\system32\ieframe.dll.mui,-881"
"LocalizedString"="@C:\WINDOWS\system32\ieframe.dll.mui,-880"
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="C:\WINDOWS\system32\ieframe.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
"ThreadingModel"="Apartment"
@="C:\WINDOWS\system32\ieframe.dll"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns]
"LegacyDisable"=""
@="Start Without Add-ons"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
"LegacyDisable"=""
"MUIVerb"="@shdoclc.dll,-10241"
@="打开主页(&H)"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe]
@="{871C5380-42A0-1069-A2EA-08002B30309D}"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\MayChangeDefaultMenu]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"= 0x0000000024 (36)
"HideAsDeletePerUser"=""
"HideFolderVerbs"=""
"HideOnDesktopPerUser"=""
"WantsParseDisplayName"=""
@="C:\WINDOWS\system32\ieframe.dll,-190"


[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""


-=End Of File=-

OTL

OTL logfile created on: 1/8/2010 11:36:28 AM - Run 1
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Joseph Gan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 123.95 Gb Total Space | 21.28 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 281.11 Gb Total Space | 17.16 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 60.70 Gb Total Space | 26.98 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOSEPH
Current User Name: Joseph Gan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
PRC - [2010/01/02 04:17:26 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/08 20:17:06 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/06 00:00:00 | 05,497,856 | ---- | M] () -- C:\Program Files\xampp\mysql\bin\mysqld.exe
PRC - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) -- C:\Program Files\xampp\apache\bin\httpd.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/18 23:12:00 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/09/18 23:11:36 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/09/18 23:11:04 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/06/10 18:53:54 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/06/10 18:52:30 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/28 04:48:55 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/04/14 08:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
MOD - [2007/04/30 19:18:50 | 00,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/24 23:52:03 | 02,431,024 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3629.dll -- (Akamai)
SRV - [2009/11/08 20:17:06 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/08 11:31:00 | 03,319,892 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/24 05:00:06 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/06 00:00:00 | 05,497,856 | ---- | M] () [Auto | Running] -- C:\Program Files\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/01/25 16:35:44 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97ec7ea7c4858) Google Update Service (gupdate1c97ec7ea7c4858)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/18 23:12:00 | 00,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/09/18 23:11:36 | 00,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/09/18 23:11:04 | 00,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/08/25 21:56:44 | 00,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/06/10 18:59:18 | 00,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/06/10 18:53:54 | 00,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/28 04:48:55 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/04/07 04:14:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/08/03 10:43:28 | 00,368,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\mqtljk.exe -- (System SSL Messenger)
SRV - [2006/08/03 10:43:28 | 00,368,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\mqtljk.exe -- (Application ClipBook)
SRV - [2001/08/23 20:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.go2000.cn/?2
IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\S-1-5-21-796845957-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\S-1-5-21-796845957-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaultthis.engineName: "OnRPG Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:1.6.4
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: guiconfig@slosd.net:0.4.4
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/01/19 13:36:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/04 08:43:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 04:17:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 04:17:31 | 00,000,000 | ---D | M]

[2008/07/01 04:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Extensions
[2010/01/08 11:34:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions
[2009/03/22 04:53:57 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/05/31 07:06:41 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/09/29 03:40:14 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/08/05 13:21:50 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2008/04/08 03:40:26 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/11/20 23:16:48 | 00,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/08 11:33:58 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/24 11:12:02 | 00,000,000 | ---D | M] (Download Sort) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2009/10/17 02:11:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/01/01 20:21:33 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/01 20:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\checkplaces@andyhalford.com
[2009/11/20 23:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/08 20:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\firebug@software.joehewitt.com
[2009/04/26 18:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\guiconfig@slosd.net
[2010/01/01 20:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\isreaditlater@ideashower.com
[2010/01/01 20:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com
[2010/01/08 11:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com
[2009/11/24 15:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\searchrecs@veoh.com
[2010/01/01 20:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\SkipScreen@SkipScreen
[2009/03/08 15:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\smartbookmarksbar@remy.juteau
[2008/04/07 05:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\snaplinks@snaplinks.net
[2010/01/06 22:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/28 21:26:54 | 00,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/06/19 12:05:54 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (370836 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12782 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Read) - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AddTask Class) - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
O4 - HKU\S-1-5-18..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
O4 - HKU\S-1-5-21-796845957-1390067357-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\Joseph Gan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..Trusted Ranges: Range37 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 23:23:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9cabd8f0-1812-11dd-9248-005056c00008}\Shell\AutoRun\command - "" = K:\StartPortableApps.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/08 11:35:59 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
[2010/01/08 11:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/01/07 18:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\Desktop\BlackShot
[2009/12/30 23:10:40 | 26,122,200 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joseph Gan\Desktop\cureit.exe
[2009/12/30 21:50:20 | 00,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/16 13:25:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 04:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/06 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/12/24 16:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/05 21:54:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2008/08/07 11:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/06 23:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/06 23:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
[2010/01/08 11:35:37 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job
[2010/01/08 11:35:31 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\SystemLook.exe
[2010/01/08 11:31:52 | 00,503,924 | ---- | M] () -- C:\WINDOWS\System32\jautdeij.dat
[2010/01/08 11:31:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 11:31:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 11:31:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/08 00:43:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 00:13:00 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003UA.job
[2010/01/07 22:49:51 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\gmer.zip
[2010/01/07 18:25:44 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\BlackShot.lnk
[2010/01/07 18:13:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003Core.job
[2010/01/06 23:32:15 | 18,874,368 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\ntuser.dat
[2010/01/06 23:32:15 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Joseph Gan\ntuser.ini
[2010/01/06 20:53:33 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 22:18:45 | 00,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010/01/03 04:07:45 | 00,003,162 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\funshion.ini
[2010/01/01 17:50:02 | 05,292,054 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\untitled.bmp
[2009/12/31 10:58:44 | 00,370,836 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/31 01:31:40 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091231-014743.backup
[2009/12/30 23:10:41 | 26,122,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joseph Gan\Desktop\cureit.exe
[2009/12/30 21:50:20 | 00,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/08 11:35:30 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\SystemLook.exe
[2010/01/07 22:49:58 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\gmer.exe
[2010/01/07 22:49:47 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\gmer.zip
[2010/01/07 18:25:44 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\BlackShot.lnk
[2010/01/01 17:50:01 | 05,292,054 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\untitled.bmp
[2009/12/21 17:40:08 | 00,503,844 | ---- | C] () -- C:\WINDOWS\System32\syskbds.drv
[2009/11/08 19:54:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/08 19:54:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/08 19:54:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/08 19:54:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/08 19:53:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/08 19:53:59 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/03 12:14:20 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2009/06/26 20:21:26 | 00,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2009/01/19 15:11:16 | 01,155,378 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\NMM-MetaData.db
[2009/01/17 18:52:10 | 00,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/17 18:52:09 | 04,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/17 18:52:09 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/12/26 10:32:24 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2008/10/26 16:45:05 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2008/10/26 16:45:05 | 00,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2008/10/26 16:45:05 | 00,186,822 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2008/10/26 16:45:05 | 00,051,016 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2008/10/26 13:47:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\PUTTY.RND
[2008/09/05 23:30:42 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:06 | 01,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/06/10 18:56:10 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008/05/15 00:14:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/28 14:22:21 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\fusioncache.dat
[2008/04/28 04:49:22 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/28 04:49:22 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\PnkBstrK.sys
[2008/04/23 05:29:56 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/04/23 01:46:52 | 00,040,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/04/22 19:08:30 | 00,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/04/07 21:38:23 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/07 20:10:58 | 00,000,440 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\SamsungLiveUpdateConfig.ini
[2008/04/07 04:22:00 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/07 01:52:43 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/07 01:31:20 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/07 01:01:37 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/06 23:44:05 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008/04/06 23:40:49 | 00,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2007/12/05 01:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 01:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 01:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 01:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 01:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/08 02:40:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/09/08 02:40:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/09/07 02:01:52 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/04 03:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/04/07 20:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/10/27 15:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodeGear
[2008/09/11 03:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/04/07 06:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/04/10 12:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FruitfulTime
[2009/01/19 13:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/12/18 19:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/09/25 18:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/01/19 13:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/10/30 13:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/19 12:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/09/03 01:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/12/24 16:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/12/31 16:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/07 01:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/03 01:12:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
[2009/11/08 18:39:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2009/05/12 14:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Acronis
[2009/03/19 19:36:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\calibre
[2008/10/26 16:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\CodeGear
[2008/04/07 01:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\DAEMON Tools
[2009/12/04 19:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\DTC
[2008/11/28 21:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Foxit
[2010/01/07 18:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Free Download Manager
[2008/04/07 01:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\GlobalSCAPE
[2008/08/31 16:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\ImgBurn
[2009/06/11 17:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\IObit
[2009/05/29 13:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LG Electronics
[2009/10/20 15:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LimeWire
[2009/01/19 01:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LoadScout
[2008/09/27 03:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\MiniLyrics
[2009/04/12 14:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Nokia
[2009/01/19 13:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\PC Suite
[2008/10/30 13:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\PlayFirst
[2008/11/01 16:39:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Quick Search And Replace
[2008/10/09 11:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\SEGA
[2009/11/08 18:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Stardock
[2008/04/14 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\TeamViewer
[2009/12/30 12:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\uTorrent
[2009/11/29 22:12:12 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/01/08 11:35:37 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84B9E490
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Extras

OTL Extras logfile created on: 1/8/2010 11:36:28 AM - Run 1
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Joseph Gan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 123.95 Gb Total Space | 21.28 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 281.11 Gb Total Space | 17.16 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 60.70 Gb Total Space | 26.98 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOSEPH
Current User Name: Joseph Gan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Xinorbis4] -- "C:\Program Files\freshney.org\Xinorbis4\x4.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2 (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58273:TCP" = 58273:TCP:*:Enabled:Pando Media Booster
"58273:UDP" = 58273:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58273:TCP" = 58273:TCP:*:Enabled:Pando Media Booster
"58273:UDP" = 58273:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\CombatArms.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\Engine.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\xampp\apache\bin\apache.exe" = C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Documents and Settings\Joseph Gan\Desktop\Game\lancraft.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Game\lancraft.exe:*:Enabled:lancraft -- File not found
"C:\Program Files\LastFantasyS3Ep2\main.exe" = C:\Program Files\LastFantasyS3Ep2\main.exe:*:Enabled:main -- (MuWAR)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"E:\Games\CABAL Online (SG MY)\Launcher\update\ESTdnheadless.exe" = E:\Games\CABAL Online (SG MY)\Launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- ()
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE Texas, LP.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\eREAD\eREAD_Cookcase.exe" = C:\Program Files\eREAD\eREAD_Cookcase.exe:*:Disabled:eREAD 7.0 -- (www.isoshu.com)
"C:\Program Files\eREAD\eREAD\eREAD_Cookcase.exe" = C:\Program Files\eREAD\eREAD\eREAD_Cookcase.exe:*:Disabled:eREAD 7.0 -- (www.isoshu.com)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\CodeGear\Delphi for PHP\2.0\debugger\DbgListener.exe" = C:\Program Files\CodeGear\Delphi for PHP\2.0\debugger\DbgListener.exe:*:Enabled:Listener for php debugger DBG -- File not found
"C:\Program Files\CodeGear\Delphi for PHP\2.0\apache2\bin\httpd.exe" = C:\Program Files\CodeGear\Delphi for PHP\2.0\apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Parallels\Parallels Workstation\Parallels.exe" = C:\Program Files\Parallels\Parallels Workstation\Parallels.exe:*:Enabled:Parallels Workstation -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"E:\Games\Left 4 Dead\left4dead.exe" = E:\Games\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe" = C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe:*:Enabled:BlackShot -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\CombatArms.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\Engine.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\NMService.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Documents and Settings\Joseph Gan\Desktop\Garena\Garena.exe" = C:\Documents and Settings\Joseph Gan\Desktop\Garena\Garena.exe:*:Enabled:Garena -- File not found
"E:\Games\Codemasters\OF Dragon Rising\OFDR.exe" = E:\Games\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe" = E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe" = E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\Program Files\xampp\apache\bin\httpd.exe" = C:\Program Files\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\xampp\mysql\bin\mysqld.exe" = C:\Program Files\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Steam\SteamApps\common\left 4 dead\srcds.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server -- ()
"C:\Documents and Settings\Joseph Gan\Desktop\BlackShot\Blackshot\system\BlackShot.exe" = C:\Documents and Settings\Joseph Gan\Desktop\BlackShot\Blackshot\system\BlackShot.exe:*:Enabled:BlackShot -- (Vertigo Games)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2204AF25-80E5-468E-B46D-795685B35DEB}" = ESET NOD32 Antivirus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{417E7710-C77B-4CB9-839A-D586A12C64E2}" = Smart Guardian
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}" = Warcraft III 1.22 Patch
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Impulse
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EC48376E-5D6C-40AE-A226-1D3AC8BDA60F}" = AuditionSEA
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Access" = Microsoft Office Access 2007
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Akamai" = Akamai NetSession Interface
"ALSee_is1" = ALSee
"ALUpdate_is1" = ALTools Update
"BlackShot" = BlackShot 力芭
"CABAL Online (SG MY)_is1" = CABAL Online v3.3
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DTC-Solutions" = Duck browser enhancer
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"EXCEL" = Microsoft Office Excel 2007
"Fences" = Fences
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"Funshion" = Funshion
"Garena" = Garena
"Grand Fantasia" = Grand Fantasia
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Full)
"L4D2SP" = Left 4 Dead 2 Standalone Patch
"L4DSP" = Left 4 Dead Standalone Patch
"LastFantasy Online Season3 Episode2" = LastFantasy Online Season3 Episode2
"Left 4 Dead" = Left 4 Dead
"LimeWire" = LimeWire 4.18.3
"LoadScout 3.0" = LoadScout 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"OUTLOOK" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PristonTale2" = PristonTale2
"PunkBusterSvc" = PunkBuster Services
"Quick Search and Replace_is1" = Quick Search and Replace 1.0
"RealAlt_is1" = Real Alternative 1.7.5
"RivaTuner" = RivaTuner v2.08
"Robattle Installer 3.00" = Robattle Installer 3.00
"Smart Defrag_is1" = Smart Defrag 1.11
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stardock Impulse" = Stardock Impulse
"Steam" = Steam
"Steam App 510" = Left 4 Dead Dedicated Server
"Unlocker" = Unlocker 1.8.7
"Veoh Web Player Beta" = Veoh Web Player
"VideoDecoder" = VideoDecoder 1.0.0.10
"VisiPics_is1" = VisiPics V1.30
"VISPRO" = Microsoft Office Visio Professional 2007
"Vtune_is1" = Vtune 5.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WhoCrashed_is1" = WhoCrashed 1.00
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2009 9:33:18 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x6102245c.

Error - 12/16/2009 9:33:37 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/22/2009 8:16:53 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d10.

Error - 12/25/2009 4:57:48 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d10.

Error - 12/26/2009 12:19:22 PM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d10.

Error - 12/28/2009 2:39:57 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d10.

Error - 12/28/2009 8:55:18 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d10.

Error - 12/29/2009 8:05:33 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application ofdr.exe, version 1.0.0.0, faulting module ofdr.exe,
version 1.0.0.0, fault address 0x0075aee3.

Error - 12/29/2009 8:06:50 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application ofdr.exe, version 1.0.0.0, faulting module ofdr.exe,
version 1.0.0.0, fault address 0x0075aee3.

Error - 12/30/2009 10:11:13 AM | Computer Name = JOSEPH | Source = Application Error | ID = 1000
Description = Faulting application garena.exe, version 3.3.0.1922, faulting module
garena.exe, version 3.3.0.1922, fault address 0x00152d00.

[ System Events ]
Error - 1/6/2010 8:54:13 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 1/6/2010 8:54:13 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 1/7/2010 5:55:36 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 1/7/2010 5:55:36 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 1/7/2010 11:08:19 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 1/7/2010 11:08:19 AM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 1/7/2010 2:06:44 PM | Computer Name = JOSEPH | Source = Dhcp | ID = 1002
Description = The IP address lease 218.212.73.131 for the Network Card with network
address 000129A3C4B0 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 1/7/2010 2:06:56 PM | Computer Name = JOSEPH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 000129A3C4B0 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 1/7/2010 11:31:56 PM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 1/7/2010 11:31:56 PM | Computer Name = JOSEPH | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053


< End of report >

#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 08 January 2010 - 12:48 AM

Hi Nikas,


Please run Gmer in safe mode instead and post the contents in your next reply. Please close all programs and windows before proceeding.


Step 1
  • Download FixPolicies.exe, a self-extracting ZIP archive, to your Desktop from Here:
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close. Exit the program.
Step 2
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
    O4 - HKU\S-1-5-18..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
    
    :Files
    C:\program files\jlingk
    C:\WINDOWS\System32\drivers\etc\hosts
    C:\WINDOWS\System32\drivers\etc\hosts.20091231-014743.backup
    C:\docume~1\joseph~1\locals~1\temp\cpuz130\cpuz_x32.sys 
    C:\docume~1\joseph~1\locals~1\temp\RRM44.tmp
     
    :Services
    cpuz130
    GarenaPEngine
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    [-HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
    [-HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
    "{871C5380-42A0-1069-A2EA-08002B30309D}"=0x00000000 (0)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""
    [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
    @="Open &Home Page"
    "MUIVerb"="@shdoclc.dll,-10241"
    "LegacyDisable"=""
    [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
    @=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,66,00,69,00,6c,\
      00,65,00,73,00,25,00,5c,00,69,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,\
      20,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,\
      00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00
    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Now, please delete any IE shortcut icon on your desktop, including the IE icon in the quick launch toolbar. If you have problems deleting that fake icon, then please do the following:
  • Right click on the desktop and select properties
  • On desktop tab click Customize Desktop
  • On general tab, click Clean Desktop Now icon
  • Desktop clean up wizard will prompt, select the fake IE icon, follow the prompt and Exit the Wizard.
Note: If a folder called Unused Desktop Icons is created on the desktop with the fake IE icon in it, delete this folder and press F5 to flush the desktop.

After that, please navigate to the C:\Program Files\Internet Explorer folder, right click the iexplore icon, select Send To > Desktop (create shortcut), and drag the new IE icon on your desktop to your quick launch toolbar as well.

Reset your homepage and tell me how things are running now.

In your next reply, please post back:

1. OTL delete log
2. Gmer log
3. New OTL log

Thanks

Edited by sundavis, 08 January 2010 - 12:54 AM.

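The OTL fix above touches two persistence points that a defender will want to re-check after the machine reboots: the hosts file, and the (Default) command values behind the IE desktop icon ({871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command) and the Start Menu "Internet" entry (StartMenuInternet\IEXPLORE.EXE\shell\open\command). The script below is an added example, not code from this thread, from OTL or from GMER. It parses hosts-file text and flags every mapping other than localhost, and it parses a .reg/OTL-style fragment, decodes the hex(2) REG_EXPAND_SZ literal exactly as it appears in the fix, and passes a command only when it launches the genuine iexplore.exe with no argument. The two real key paths are taken from the OTL script; the hosts lines, the HKEY_CURRENT_USER\Software\Constructed\Example key, the .example names and the 192.0.2.10 address are constructed for the demonstration. On a live machine the fragment would come from `reg export` of those keys; here it is embedded so the check runs offline.

```python
"""Audit helpers for the persistence points the OTL fix above rewrites: the hosts
file and the (Default) commands behind the IE desktop icon and Start Menu entry.
Added example for this thread, not code from BleepingComputer, OTL or GMER;
sample inputs are constructed, the two real key paths come from the OTL script."""
import ipaddress
import re

IE_BINARY = r"c:\program files\internet explorer\iexplore.exe"

def suspicious_hosts_entries(text):
    """Return (address, name, reason) for every mapping other than localhost; a
    clean XP hosts file has nothing else, so each extra line deserves review."""
    flagged = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenise
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                flagged.append((fields[0], name, "unparseable address"))
                continue
            if addr.is_loopback or addr.is_unspecified:
                flagged.append((fields[0], name, "sinkholed to loopback"))  # site blocked
            else:
                flagged.append((fields[0], name, "pinned to remote address"))  # redirected
    return flagged

def parse_reg_fragment(text):
    """Parse [key] headers and name=value lines (.reg or OTL :reg style) into
    {(key, name): value}; a trailing backslash continues a hex value."""
    text = re.sub(r"\\[ \t]*\n[ \t]*", "", text)  # join continuation lines
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif "=" in line and key is not None:
            name, value = line.split("=", 1)
            values[(key, name)] = value
    return values

def decode_reg_hex2(value):
    """Decode a hex(2) (REG_EXPAND_SZ, UTF-16LE) .reg literal into text."""
    payload = re.sub(r"[\\\s]", "", value.split(":", 1)[1])
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")

def command_from_reg(value):
    """Turn a .reg literal (quoted string or hex(2)) into (executable, arguments),
    honouring a quoted executable path."""
    if value.startswith("hex(2):"):
        cmd = decode_reg_hex2(value)
    else:
        cmd = value[1:-1] if value[:1] == '"' == value[-1:] else value
        cmd = re.sub(r"\\(.)", r"\1", cmd)  # unescape \" and \\
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def check_ie_commands(reg_text):
    """Return {key: verdict}; "ok" only when the (Default) of a ...\\command key
    runs exactly the IE binary with no arguments (a hijack usually adds a URL)."""
    verdicts = {}
    for (key, name), value in parse_reg_fragment(reg_text).items():
        if name != "@" or not key.lower().endswith("command"):
            continue
        exe, args = command_from_reg(value)
        exe = exe.lower().replace("%programfiles%", r"c:\program files")
        ok = exe == IE_BINARY and not args
        verdicts[key] = "ok" if ok else "suspicious: %s %s" % (exe, args)
    return verdicts

# Constructed hosts file: the XP default plus two hijacker-style lines
# (192.0.2.0/24 is a documentation range, .example is a reserved TLD).
SAMPLE_HOSTS = """127.0.0.1       localhost
192.0.2.10      www.update-vendor.example   # constructed: pinned elsewhere
127.0.0.1       www.security-vendor.example # constructed: blocked
"""

# Constructed fragment: the two restore entries from the OTL script plus one
# deliberately bad value under a made-up HKCU key.
SAMPLE_REG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,66,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,69,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,\
  20,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,\
  00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00
[HKEY_CURRENT_USER\Software\Constructed\Example\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" http://start.example/"
"""

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
    print(check_ie_commands(SAMPLE_REG))
```

The hex(2) literal in the fix decodes to "%programfiles%\internet explorer\iexplore.exe", which is why the check expands %programfiles% before comparing; the hosts check deliberately flags loopback entries too, since pinning an update or security-vendor name to 127.0.0.1 is the blocking half of the same hijack.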

#7 Nikas

  • Topic Starter
  • Members
  • 650 posts
  • Gender:Male
  • Location:Singapore

Posted 10 January 2010 - 04:51 AM

Hi sundavis,

I finally got GMER to finish running and got the log. Anyway, I am still unable to change my homepage. It goes back to the go2000.cn again.

Here's the OTL delete log.

All processes killed
========== OTL ==========
No active process named Explorer.EXE was found!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\桌面美化秀 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\桌面美化秀 not found.
========== FILES ==========
File\Folder C:\program files\jlingk not found.
C:\WINDOWS\System32\drivers\etc\hosts moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20091231-014743.backup moved successfully.
File\Folder C:\docume~1\joseph~1\locals~1\temp\cpuz130\cpuz_x32.sys not found.
C:\docume~1\joseph~1\locals~1\temp\RRM44.tmp moved successfully.
========== SERVICES/DRIVERS ==========
Service cpuz130 stopped successfully!
Service cpuz130 deleted successfully!
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\\"{871C5380-42A0-1069-A2EA-08002B30309D}"|0x00000000 (0) /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\@|"\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\"" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\\@|"Open &Home Page" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\\"MUIVerb"|"@shdoclc.dll,-10241" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\\"LegacyDisable"|"" /E : value set successfully!
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\\@|hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,66,00,69,00,6c,00,65,00,73,00,25,00,5c,00,69,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00 /E : value set successfully!
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joseph Gan
->Temp folder emptied: 2142958958 bytes
->Temporary Internet Files folder emptied: 35545245 bytes
->Java cache emptied: 59908 bytes
->FireFox cache emptied: 90218793 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 533121 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10927190 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 897004 bytes

Total Files Cleaned = 2,178.00 mb


OTL by OldTimer - Version 3.1.21.1 log created on 01102010_172415

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_238.dat not found!

Registry entries deleted on Reboot...

GMER LOG


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 09:32:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypow.sys


---- System - GMER 1.0.15 ----

SSDT spos.sys ZwCreateKey [0xF74D70E0]
SSDT spos.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spos.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spos.sys ZwOpenKey [0xF74D70C0]
SSDT spos.sys ZwQueryKey [0xF74F6108]
SSDT spos.sys ZwQueryValueKey [0xF74F5F88]
SSDT spos.sys ZwSetValueKey [0xF74F619A]

INT 0x63 ? 8A79EBF8
INT 0x63 ? 8A79EBF8
INT 0x63 ? 8A79EBF8
INT 0x63 ? 8A79EBF8
INT 0x63 ? 8A672BF8
INT 0x63 ? 8A672BF8
INT 0x63 ? 8A79EBF8
INT 0x83 ? 8A79EBF8
INT 0x83 ? 8A79EBF8
INT 0x83 ? 8A672BF8
INT 0x83 ? 8A79EBF8
INT 0x94 ? 8A672BF8
INT 0xA4 ? 8A672BF8
INT 0xB4 ? 8A672BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A79D1F8
Device \Driver\usbuhci \Device\USBPDO-0 8A6711F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A80E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A80E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A80E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A80E1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A6711F8
Device \Driver\usbehci \Device\USBPDO-2 8A64F1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A6711F8
Device \Driver\PCI_PNP4702 \Device\00000060 spos.sys
Device \Driver\PCI_PNP4702 \Device\00000060 spos.sys
Device \Driver\usbuhci \Device\USBPDO-4 8A6711F8
Device \Driver\usbehci \Device\USBPDO-5 8A64F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A6711F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A79F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\usbuhci \Device\USBPDO-7 8A6711F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A79F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 8A6141F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A79F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom1 8A6141F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8A6141F8
Device \Driver\sptd \Device\1367988452 spos.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A6711F8
Device \Driver\usbuhci \Device\USBFDO-1 8A6711F8
Device \Driver\usbuhci \Device\USBFDO-2 8A6711F8
Device \Driver\usbehci \Device\USBFDO-3 8A64F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A6711F8
Device \Driver\Ftdisk \Device\FtControl 8A79F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A6711F8
Device \Driver\usbuhci \Device\USBFDO-6 8A6711F8
Device \Driver\usbehci \Device\USBFDO-7 8A64F1F8
Device \Driver\a6k0hg0d \Device\Scsi\a6k0hg0d1Port6Path0Target0Lun0 8A6101F8
Device \Driver\a6k0hg0d \Device\Scsi\a6k0hg0d1 8A6101F8
Device \Driver\a6k0hg0d \Device\Scsi\a6k0hg0d1Port6Path0Target1Lun0 8A6101F8
Device \FileSystem\Cdfs \Cdfs 8A4A21F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0xDB 0x43 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7F 0xBF 0xCA 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x01 0x4E 0x06 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x35 0xD5 0x37 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xBB 0x8D 0xBB 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x75 0xBA 0x83 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


OTL LOG

OTL logfile created on: 1/10/2010 5:35:29 PM - Run 3
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Joseph Gan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 123.95 Gb Total Space | 23.04 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 281.11 Gb Total Space | 17.16 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 60.70 Gb Total Space | 27.47 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOSEPH
Current User Name: Joseph Gan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/08 16:45:18 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
PRC - [2009/11/08 20:17:06 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/06 00:00:00 | 05,497,856 | ---- | M] () -- C:\Program Files\xampp\mysql\bin\mysqld.exe
PRC - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) -- C:\Program Files\xampp\apache\bin\httpd.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/18 23:12:00 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/09/18 23:11:36 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/09/18 23:11:04 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/06/10 18:53:54 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/06/10 18:52:30 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/28 04:48:55 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/04/14 08:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
MOD - [2007/04/30 19:18:50 | 00,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/24 23:52:03 | 02,431,024 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3629.dll -- (Akamai)
SRV - [2009/11/08 20:17:06 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/08 11:31:00 | 03,319,892 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/24 05:00:06 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/06 00:00:00 | 05,497,856 | ---- | M] () [Auto | Running] -- C:\Program Files\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/01/25 16:35:44 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97ec7ea7c4858) Google Update Service (gupdate1c97ec7ea7c4858)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/18 23:12:00 | 00,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/09/18 23:11:36 | 00,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/09/18 23:11:04 | 00,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/08/25 21:56:44 | 00,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/06/10 18:59:18 | 00,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/06/10 18:53:54 | 00,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/28 04:48:55 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/04/07 04:14:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/08/03 10:43:28 | 00,368,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\mqtljk.exe -- (System SSL Messenger)
SRV - [2006/08/03 10:43:28 | 00,368,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\mqtljk.exe -- (Application ClipBook)
SRV - [2001/08/23 20:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.go2000.cn/?2
IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\S-1-5-21-796845957-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\S-1-5-21-796845957-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaultthis.engineName: "OnRPG Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:1.6.4
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: guiconfig@slosd.net:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/01/19 13:36:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/04 08:43:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 16:45:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 16:45:30 | 00,000,000 | ---D | M]

[2008/07/01 04:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Extensions
[2010/01/10 09:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions
[2009/03/22 04:53:57 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/05/31 07:06:41 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/09/29 03:40:14 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/08/05 13:21:50 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2008/04/08 03:40:26 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/11/20 23:16:48 | 00,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/08 11:33:58 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/24 11:12:02 | 00,000,000 | ---D | M] (Download Sort) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2009/10/17 02:11:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/01/01 20:21:33 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/01 20:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\checkplaces@andyhalford.com
[2009/11/20 23:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/08 20:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\firebug@software.joehewitt.com
[2009/04/26 18:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\guiconfig@slosd.net
[2010/01/01 20:21:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\isreaditlater@ideashower.com
[2010/01/01 20:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com
[2010/01/08 11:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com
[2009/11/24 15:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\searchrecs@veoh.com
[2010/01/01 20:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\SkipScreen@SkipScreen
[2009/03/08 15:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\smartbookmarksbar@remy.juteau
[2008/04/07 05:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\snaplinks@snaplinks.net
[2010/01/10 09:47:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/28 21:26:54 | 00,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/06/19 12:05:54 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (133 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: (file content mis-encoded in the log; it decodes as four entries mapping dl.360safe.com, bbs.360safe.com, dl.360.cn and bbs.360.cn to a 218.1.25.x address, with the exact address not recoverable from the garbled text)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Read) - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AddTask Class) - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
O4 - HKU\S-1-5-18..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
O4 - HKU\S-1-5-21-796845957-1390067357-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\Joseph Gan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1390067357-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1390067357-839522115-1003\..Trusted Ranges: Range37 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 20:04:30 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cabd8ef-1812-11dd-9248-005056c00008}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9cabd8f0-1812-11dd-9248-005056c00008}\Shell\AutoRun\command - "" = K:\StartPortableApps.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/10 17:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/01/10 17:24:15 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/08 20:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\My Documents\My muvees
[2010/01/08 19:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/01/08 17:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/08 17:13:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\Application Data\muvee Technologies
[2010/01/08 17:12:56 | 00,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2010/01/08 17:09:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\Desktop\Wedding Montage
[2010/01/08 16:43:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\My Documents\Version Cue
[2010/01/08 16:43:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\My Documents\AdobeStockPhotos
[2010/01/08 16:40:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\My Documents\Adobe
[2010/01/08 11:35:59 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
[2010/01/07 18:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Gan\Desktop\BlackShot
[2009/12/30 23:10:40 | 26,122,200 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joseph Gan\Desktop\cureit.exe
[2009/12/30 21:50:20 | 00,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/16 13:25:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 04:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/06 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/12/24 16:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/05 21:54:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2008/08/07 11:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/06 23:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/06 23:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/10 17:35:05 | 19,398,656 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\ntuser.dat
[2010/01/10 17:30:06 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job
[2010/01/10 17:26:05 | 00,503,950 | ---- | M] () -- C:\WINDOWS\System32\jautdeij.dat
[2010/01/10 17:26:05 | 00,000,133 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/10 17:25:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/10 17:25:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/10 17:25:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 17:24:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Joseph Gan\ntuser.ini
[2010/01/10 17:13:00 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003UA.job
[2010/01/10 16:43:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/10 13:49:28 | 00,003,162 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\funshion.ini
[2010/01/09 18:13:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003Core.job
[2010/01/09 16:43:50 | 00,259,684 | -H-- | M] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\IconCache.db
[2010/01/08 22:17:29 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 20:06:35 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/08 20:06:22 | 01,553,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/08 20:04:30 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/08 19:46:55 | 00,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create instant home movies.lnk
[2010/01/08 15:17:42 | 28,216,631 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\271.rar
[2010/01/08 11:36:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Gan\Desktop\OTL.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 20:53:33 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 22:18:45 | 00,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010/01/01 17:50:02 | 05,292,054 | ---- | M] () -- C:\Documents and Settings\Joseph Gan\Desktop\untitled.bmp
[2009/12/31 10:58:44 | 00,370,836 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100108-121828.backup
[2009/12/30 23:10:41 | 26,122,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Joseph Gan\Desktop\cureit.exe
[2009/12/30 21:50:20 | 00,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

========== Files Created - No Company Name ==========

[2010/01/08 19:46:55 | 00,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Create instant home movies.lnk
[2010/01/08 19:33:32 | 06,354,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/08 15:10:25 | 28,216,631 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\271.rar
[2010/01/07 22:49:58 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\gmer.exe
[2010/01/01 17:50:01 | 05,292,054 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Desktop\untitled.bmp
[2009/12/21 17:40:08 | 00,503,844 | ---- | C] () -- C:\WINDOWS\System32\syskbds.drv
[2009/11/08 19:54:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/08 19:54:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/08 19:54:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/08 19:54:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/08 19:53:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/08 19:53:59 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/03 12:14:20 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2009/06/26 20:21:26 | 00,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2009/01/19 15:11:16 | 01,155,378 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\NMM-MetaData.db
[2009/01/17 18:52:10 | 00,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/01/17 18:52:09 | 04,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/01/17 18:52:09 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/12/26 10:32:24 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2008/10/26 16:45:05 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2008/10/26 16:45:05 | 00,916,849 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2008/10/26 16:45:05 | 00,186,822 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2008/10/26 16:45:05 | 00,051,016 | ---- | C] () -- C:\WINDOWS\System32\libintl-2.dll
[2008/10/26 13:47:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\PUTTY.RND
[2008/09/05 23:30:42 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:06 | 01,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/06/10 18:56:10 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008/05/15 00:14:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/28 14:22:21 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\fusioncache.dat
[2008/04/28 04:49:22 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/28 04:49:22 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\PnkBstrK.sys
[2008/04/23 05:29:56 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/04/23 01:46:52 | 00,040,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/04/22 19:08:30 | 00,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/04/07 21:38:23 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/07 20:10:58 | 00,000,440 | ---- | C] () -- C:\Documents and Settings\Joseph Gan\Application Data\SamsungLiveUpdateConfig.ini
[2008/04/07 04:22:00 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/07 01:52:43 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/07 01:31:20 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/07 01:01:37 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/06 23:44:05 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008/04/06 23:40:49 | 00,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2007/12/05 01:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 01:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 01:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 01:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 01:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/08 02:40:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/09/08 02:40:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/09/07 02:01:52 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/04 03:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/01/08 15:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2008/04/07 20:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/10/27 15:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodeGear
[2008/09/11 03:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/04/07 06:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/04/10 12:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FruitfulTime
[2009/01/19 13:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/12/18 19:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/01/08 20:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/09/25 18:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/01/19 13:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/10/30 13:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/19 12:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/09/03 01:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/12/24 16:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/01/09 21:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/07 01:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/03 01:12:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
[2009/11/08 18:39:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2009/05/12 14:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Acronis
[2009/03/19 19:36:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\calibre
[2008/10/26 16:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\CodeGear
[2008/04/07 01:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\DAEMON Tools
[2009/12/04 19:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\DTC
[2008/11/28 21:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Foxit
[2010/01/08 22:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Free Download Manager
[2008/04/07 01:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\GlobalSCAPE
[2008/08/31 16:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\ImgBurn
[2009/06/11 17:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\IObit
[2009/05/29 13:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LG Electronics
[2009/10/20 15:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LimeWire
[2009/01/19 01:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\LoadScout
[2008/09/27 03:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\MiniLyrics
[2010/01/08 20:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\muvee Technologies
[2009/04/12 14:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Nokia
[2009/01/19 13:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\PC Suite
[2008/10/30 13:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\PlayFirst
[2008/11/01 16:39:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Quick Search And Replace
[2008/10/09 11:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\SEGA
[2009/11/08 18:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\Stardock
[2008/04/14 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\TeamViewer
[2009/12/30 12:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Gan\Application Data\uTorrent
[2009/11/29 22:12:12 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/01/10 17:30:06 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4E393D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84B9E490
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
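As an added triage example (my own code, not part of this thread, of OTL or of any other tool used here), the script below parses the file-entry line format OTL prints in the log above and flags two things a helper checks before writing a fix: a HOSTS file carrying the read-only attribute, and recently created or modified files under C:\WINDOWS whose version info carries no company name. The sample lines are copied from the log above; the log run time, the day cutoff and the flagging rules are my assumptions, and a flag is a review hint, not a malware verdict.

```python
import re
from datetime import datetime, timedelta

# Added triage helper, not part of OTL or of the thread. It parses the
# file-entry line format that OTL prints, e.g.
#   [2009/12/21 17:40:08 | 00,503,844 | ---- | C] () -- C:\WINDOWS\System32\syskbds.drv
# Directory entries have no "(company)" field at all.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Return a dict for one OTL file/folder line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),      # R=read-only H=hidden S=system D=directory
        "kind": m.group("kind"),        # C = created-time list, M = modified-time list
        "company": m.group("company"),  # "" = no company in version info; None = directory
        "path": m.group("path"),
    }


def triage(log_text, as_of, days=14):
    """Flag entries a helper would look at first.

    Rules (my assumptions; review hints, not verdicts):
      1. HOSTS file carrying the read-only attribute (the thread's
         'access denied' symptom when trying to edit it).
      2. A file under C:\\WINDOWS created/modified within `days` of `as_of`
         whose version info carries no company name.
    """
    cutoff = as_of - timedelta(days=days)
    findings = []
    for raw in log_text.splitlines():
        rec = parse_otl_line(raw)
        if rec is None:
            continue
        path_l = rec["path"].lower()
        if path_l.endswith(r"\drivers\etc\hosts"):
            if "R" in rec["attrs"]:
                findings.append(("hosts file is read-only", rec["path"]))
            continue
        if "D" in rec["attrs"] or rec["company"] is None:
            continue  # directories carry no version info
        if (path_l.startswith("c:\\windows\\")
                and rec["company"] == ""
                and rec["timestamp"] >= cutoff):
            findings.append(("recent file under C:\\WINDOWS with no company name", rec["path"]))
    return findings


# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2010/01/10 17:26:05 | 00,503,950 | ---- | M] () -- C:\WINDOWS\System32\jautdeij.dat
[2010/01/10 17:26:05 | 00,000,133 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/21 17:40:08 | 00,503,844 | ---- | C] () -- C:\WINDOWS\System32\syskbds.drv
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/10 17:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2008/09/05 23:30:42 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
"""

# Assumed run time of the OTL log above (the newest timestamps in it are 2010/01/10 17:35).
LOG_RUN_TIME = datetime(2010, 1, 10, 17, 35)

if __name__ == "__main__":
    # A 30-day window also catches syskbds.drv, which the 14-day OTL window misses.
    for reason, path in triage(SAMPLE_LOG, LOG_RUN_TIME, days=30):
        print(f"{reason}: {path}")
```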

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 10 January 2010 - 05:34 AM

Hi Nikas,

Did you delete the fake icon on your desktop and quick launch toolbar? Are you aware of the contents of the following folder? If not, please delete that folder manually.

C:\program files\jlingk


Step1
  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.
Step2

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step3
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    IE - HKU\S-1-5-21-796845957-1390067357-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.go2000.cn/?2
    O1 - Hosts: റഊഊ㈊㠱ㄮ㈮⸵‱唵汤㌮〶慳敦挮浯਍ㄲ⸸⸱㔲ㄮ唵戠獢㌮〶慳敦挮浯਍ㄲ⸸⸱㔲ㄮ唵搠⹬㘳⸰湣਍ㄲ⸸⸱㔲ㄮ唵戠獢㌮〶挮൮
    O1 - Hosts: 1/08 16:45:25 | 00,002,344 | ---- | M] ()
    O4 - HKU\.DEFAULT..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
    O4 - HKU\S-1-5-18..\Run: [桌面美化秀] c:\program files\jlingk\deskmate.exe File not found
    
    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
After that, please rerun SystemLook as instructed in my previous post (#2) and post the contents in your next reply.


In your next reply, please post back:

1. ComboFix log
2. MBAM log
3. OTL delete log
4. SystemLook log

Let me know if any issues still remain.

#9 Nikas

Nikas
  • Topic Starter

  • Members
  • 650 posts
  • Gender:Male
  • Location:Singapore

Posted 10 January 2010 - 06:23 AM

Yeah, I deleted the IE icon on Desktop as well as the quick launch and re-created one shortcut from the IE folder.

Nope, not aware and unable to find that folder as well.

Anyway, OTL doesn't work well. When I ran the fix, it stated that it couldn't create the file in the HOSTS folder.

Then it hangs on O1 - Hosts: 啻编磰啻娿垔銧便劗銏傅鈥扁犫犫犳堡銓舵叧鏁︽尞娴◢銊测父飧便敳銊犫犫犳垹鐛€尞銆舵叧鏁︽尞娴◢銊测父飧便敳銊犫犫犳悹夤槼飧版梗啜嶃劜飧糕副銛层劗鈥犫犫犳垹鐛€尞銆舵尞嗟 line. I retried for 3 times and got a blue screen.

Here's the log required.

COMBOFIX

ComboFix 10-01-04.01 - Joseph Gan 01/10/2010 18:56:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1495 [GMT 8:00]
Running from: c:\documents and settings\Joseph Gan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1081206693-2595864547-3527990168-1001
c:\$recycle.bin\S-1-5-21-4186596938-270880436-409008034-1001
c:\documents and settings\Joseph Gan\Application Data\Microsoft\InSets\wahtd.dll
c:\windows\patchw32.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\web.dat
c:\windows\system32\websites.html

.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 09:24 . 2010-01-10 09:24 -------- d-----w- C:\_OTL
2010-01-08 11:46 . 2010-01-08 12:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-01-08 11:33 . 2010-01-09 16:48 6354008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-08 09:13 . 2010-01-08 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-01-08 09:13 . 2010-01-08 12:09 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\muvee Technologies
2010-01-08 09:12 . 2010-01-08 12:03 -------- d-----w- c:\program files\muvee Technologies
2010-01-08 07:23 . 2010-01-08 07:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-08 07:23 . 2010-01-08 07:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-01-08 03:34 . 2010-01-06 04:08 4726272 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-08 03:34 . 2010-01-06 04:08 103424 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-08 03:34 . 2010-01-06 04:08 57856 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-08 03:34 . 2010-01-06 04:08 545280 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-08 03:34 . 2010-01-06 04:08 4725760 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-08 03:34 . 2010-01-06 04:08 344064 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-08 03:34 . 2010-01-06 04:08 153600 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-01 12:21 . 2009-11-24 00:44 79872 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-01-01 12:21 . 2009-11-24 00:44 33280 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINCE\components\WeaveCrypto.dll
2009-12-30 13:50 . 2009-12-30 13:50 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-24 15:52 . 2010-01-10 10:48 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-21 15:51 . 2009-12-21 16:03 -------- d-----w- c:\documents and settings\Joseph Gan\funshion
2009-12-21 15:51 . 2010-01-02 19:59 -------- d-----w- c:\program files\Funshion Online
2009-12-21 09:40 . 2010-01-10 10:47 503953 ----a-w- c:\windows\system32\jautdeij.dat
2009-12-21 09:40 . 2009-12-21 15:30 503844 ----a-w- c:\windows\system32\syskbds.drv
2009-12-18 12:01 . 2009-12-18 12:01 159744 ----a-w- c:\windows\Rockdoc.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 10:47 . 2008-04-07 13:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-01-10 10:47 . 2008-04-07 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-01-10 10:25 . 2008-12-18 16:46 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\Skype
2010-01-10 09:25 . 2008-12-18 16:47 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\skypePM
2010-01-10 07:16 . 2009-09-25 03:48 -------- d-----w- c:\program files\Garena
2010-01-09 13:35 . 2008-04-06 17:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 11:01 . 2008-04-09 18:45 -------- d-----w- c:\program files\Warcraft III
2010-01-08 14:28 . 2008-04-06 22:11 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\Free Download Manager
2010-01-08 12:06 . 2008-04-06 15:28 55808 ----a-w- c:\documents and settings\Joseph Gan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 12:03 . 2008-04-06 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 08:51 . 2008-06-21 09:33 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-08 04:17 . 2008-04-06 17:55 -------- d-----w- c:\program files\SpywareBlaster
2010-01-08 04:17 . 2008-09-10 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 04:17 . 2008-09-10 09:53 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 08:07 . 2008-09-10 09:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2008-09-10 09:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 17:17 . 2008-04-06 16:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 14:37 . 2008-04-06 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 12:29 . 2009-11-14 19:41 -------- d-----w- c:\program files\Keynote
2009-12-30 04:10 . 2008-04-06 22:14 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\uTorrent
2009-12-24 08:57 . 2008-09-14 04:29 -------- d-----w- c:\program files\Steam
2009-12-16 13:42 . 2008-04-26 08:17 -------- d-----w- c:\program files\Debugging Tools for Windows
2009-12-15 19:23 . 2008-04-09 09:49 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\VMware
2009-12-14 16:53 . 2008-04-09 18:46 98882 ----a-w- c:\windows\War3Unin.dat
2009-12-10 03:21 . 2008-04-06 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-06 03:21 . 2009-12-06 03:21 -------- d-----r- c:\program files\Skype
2009-12-06 03:21 . 2009-12-06 03:21 -------- d-----w- c:\program files\Common Files\Skype
2009-12-06 03:21 . 2008-12-18 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-04 12:08 . 2009-12-04 12:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-04 11:02 . 2009-12-04 11:02 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\DTC
2009-12-04 03:45 . 2009-12-04 03:45 -------- d-----w- c:\program files\DTC-Solutions
2009-11-24 07:08 . 2009-11-24 07:08 -------- d-----w- c:\program files\Veoh Networks
2009-11-20 22:03 . 2008-04-10 07:17 -------- d-----w- c:\program files\mIRC
2009-11-14 19:06 . 2008-04-06 17:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 12:43 . 2009-11-08 12:43 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-08 12:17 . 2008-12-13 04:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-08 12:15 . 2009-11-08 12:15 152576 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 18:00 . 2009-11-08 11:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:45 . 2004-08-03 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 03:41 . 2009-10-27 03:41 24576 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Microsoft\Identities\kfclg.dll
2009-10-21 05:38 . 2004-08-03 16:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-03 16:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 15:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-03 16:56 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-03 16:56 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-03 16:56 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-11-8 3450608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^hott notes 4.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\hott notes 4.lnk
backup=c:\windows\pss\hott notes 4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-14 13:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-16 13:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 13:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 18:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-01-01 10:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-10 01:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 07:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2007-11-27 06:38 2162688 ----a-w- c:\program files\Vtune\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-31 11:38 135664 ----atw- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 14:32 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2008-01-04 09:33 684118 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-04 17:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-04 17:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 04:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 08:52 16861184 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 05:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-14 07:56 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-08 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 13:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-07-17 03:03 288048 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 15:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LastFantasyS3Ep2\\main.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\CABAL Online (SG MY)\\Launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eREAD\\eREAD_Cookcase.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eREAD\\eREAD\\eREAD_Cookcase.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"e:\\Games\\Left 4 Dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Games\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\srcds.exe"=
"c:\\Documents and Settings\\Joseph Gan\\Desktop\\BlackShot\\Blackshot\\system\\BlackShot.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58273:TCP"= 58273:TCP:Pando Media Booster
"58273:UDP"= 58273:UDP:Pando Media Booster

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [1/17/2009 6:52 PM 39472]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/10/2008 6:56 PM 34312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:56 AM 14336]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [11/27/2009 5:37 PM 24640]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/10/2008 6:53 PM 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [9/27/2009 8:20 PM 22784]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2008 1:52 AM 717296]
S2 Application ClipBook;Application ClipBook;c:\windows\system32\mqtljk.exe runsrv /name:"Application ClipBook" /prinum:"32" /cmdline:"c:\windows\system32\mstsef.tsk" --> c:\windows\system32\mqtljk.exe runsrv [?]
S2 gupdate1c97ec7ea7c4858;Google Update Service (gupdate1c97ec7ea7c4858);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2009 4:35 PM 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 8:00 PM 3584]
S2 System SSL Messenger;System SSL Messenger;c:\windows\system32\mqtljk.exe runsrv /name:"System SSL Messenger" /prinum:"32" /cmdline:"c:\windows\system32\jautdeij.dat" --> c:\windows\system32\mqtljk.exe runsrv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NRKCTL32;NRKCTL32;\??\c:\misc program\WCPUID\NRKCTL32.SYS --> c:\misc program\WCPUID\NRKCTL32.SYS [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [12/20/2008 11:56 AM 23992]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [4/23/2008 1:47 AM 47552]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\XDva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-25 08:35]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-25 08:35]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003Core.job
- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 11:38]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003UA.job
- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 11:38]

2009-11-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-06-11 10:15]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.go2000.cn/?2
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Open with &LoadScout... - c:\progra~1\SOFTLO~1\LOADSC~1.0\LoadScout.exe/#164
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q=
FF - component: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.automatic-ntlm-auth.trusted-uris - hxxp://127.0.0.1
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-桌面美化秀 - c:\program files\jlingk\deskmate.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
AddRemove-Garena - c:\documents and settings\Joseph Gan\Desktop\Garena\uninst.exe
AddRemove-Grand Fantasia - c:\documents and settings\Joseph Gan\Desktop\Mao Mao\Uninst.exe
AddRemove-PristonTale2 - c:\documents and settings\Joseph Gan\Desktop\Mao Mao\PristonTale2\uninst.exe
AddRemove-VideoDecoder - c:\program files\VideoDecode\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 18:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\pluginreg.dat.bak 14244 bytes
c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\user.js.BAK 76 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-01-10 19:01:22
ComboFix-quarantined-files.txt 2010-01-10 11:01

Pre-Run: 24,718,901,248 bytes free
Post-Run: 24,691,015,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - 6F15C90C828D40A4AB67FEA8804F210C

MBAM LOG

Malwarebytes' Anti-Malware 1.44
Database version: 3533
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/10/2010 7:07:36 PM
mbam-log-2010-01-10 (19-07-33).txt

Scan type: Quick Scan
Objects scanned: 116803
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.go2000.cn/?2) Good: (http://www.Google.com) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SYSTEMLOOK

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:22 on 10/01/2010 by Joseph Gan (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"="0x00000000 (0)"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"Removal Message"="@mydocs.dll,-900"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"


[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"@"="\"C:\Program Files\Internet Explorer\IEXPLORE.EXE\""
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"


[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@C:\WINDOWS\system32\ieframe.dll.mui,-881"
"LocalizedString"="@C:\WINDOWS\system32\ieframe.dll.mui,-880"
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="C:\WINDOWS\system32\ieframe.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
"ThreadingModel"="Apartment"
@="C:\WINDOWS\system32\ieframe.dll"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns]
"LegacyDisable"=""
@="Start Without Add-ons"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
"@"="Open &Home Page"
"LegacyDisable"=""
"MUIVerb"="@shdoclc.dll,-10241"
@="打开主页(&H)"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
"@"=""%programfiles%\internet explorer\iexplore.exe""
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe]
@="{871C5380-42A0-1069-A2EA-08002B30309D}"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\MayChangeDefaultMenu]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"= 0x0000100024 (1048612)
"HideAsDeletePerUser"=""
"HideFolderVerbs"=""
"HideOnDesktopPerUser"=""
"WantsParseDisplayName"=""
@="C:\WINDOWS\system32\ieframe.dll,-190"


[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""


-=End Of File=-

Edited by Nikas, 10 January 2010 - 10:30 AM.
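Read together, the DDS and SystemLook output above shows the same URL wired into three independent places: the per-user Start Page (the one item MBAM flags as Hijack.Homepage), the default command of HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command, and the OpenHomePage verb under the desktop Internet Explorer CLSID {871C5380-42A0-1069-A2EA-08002B30309D}, whose HideDesktopIcons\NewStartPanel value is 0 (shown), which is consistent with the icon reappearing after it is deleted. Resetting only the Start Page leaves the other two to launch IE straight to the same site. The Python below is an added example, not part of this thread or of DDS, SystemLook or ComboFix: it parses log text in those two formats (the sample is copied from the logs above) and reports every location where a URL rides on the iexplore.exe command, plus whether the desktop IE icon is forced visible.

```python
"""Flag the IE homepage hijack pattern seen in this thread in SystemLook/DDS
style log text. Added example, not part of DDS, SystemLook or ComboFix."""
import re

IE_DESKTOP_CLSID = '{871C5380-42A0-1069-A2EA-08002B30309D}'  # the desktop "Internet Explorer" icon
START_PAGE_KEY = r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page'

# Constructed sample: the relevant lines copied from the DDS and SystemLook logs above.
SAMPLE_LOG = r'''
uStart Page = hxxp://www.go2000.cn/?2
uInternet Settings,ProxyOverride = *.local
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"="0x00000000 (0)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"@"="\"C:\Program Files\Internet Explorer\IEXPLORE.EXE\""
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
"@"=""%programfiles%\internet explorer\iexplore.exe""
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2"
'''

# iexplore.exe followed by a URL argument; DDS defangs http as hxxp, so accept both.
URL_AFTER_IE_RE = re.compile(r'iexplore\.exe"?\s+(h(?:tt|xx)ps?://[^\s"]+)', re.IGNORECASE)
# SystemLook prints DWORDs as  "{clsid}"= 0x0000000001 (1)  or  "{clsid}"="0x00000000 (0)"
HIDE_ICON_VALUE_RE = re.compile(r'^"(\{[0-9A-F-]+\})"\s*=\s*"?0x[0-9A-F]+\s*\((\d+)\)"?$', re.IGNORECASE)


def refang(url):
    """Turn DDS's defanged hxxp:// back into http:// so all findings compare equal."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def find_homepage_hijack(log_text):
    """Return [(location, url)] for each place a URL rides on an IE launch
    command, plus the per-user Start Page that DDS reports as 'uStart Page'."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]          # SystemLook prints each key on its own line
            continue
        m = re.match(r'uStart Page\s*=\s*(\S+)$', line)
        if m:
            findings.append((START_PAGE_KEY, refang(m.group(1))))
            continue
        m = URL_AFTER_IE_RE.search(line)
        if m and current_key:
            findings.append((current_key, refang(m.group(1))))
    return findings


def ie_desktop_icon_forced_visible(log_text):
    """True when HideDesktopIcons\\NewStartPanel lists the IE icon CLSID with 0
    (0 = show, 1 = hide): the icon comes back even after the user deletes it."""
    in_panel = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_panel = line.lower().endswith(r'\hidedesktopicons\newstartpanel]')
            continue
        m = HIDE_ICON_VALUE_RE.match(line) if in_panel else None
        if m and m.group(1).upper() == IE_DESKTOP_CLSID:
            return m.group(2) == '0'
    return False


def report(log_text):
    """Summarise both checks; every distinct URL is listed so a reader can
    confirm all locations point at the same place."""
    hits = find_homepage_hijack(log_text)
    return {
        'hijacked_locations': [loc for loc, _ in hits],
        'urls': sorted({url for _, url in hits}),
        'ie_icon_forced_visible': ie_desktop_icon_forced_visible(log_text),
    }


if __name__ == '__main__':
    for key, val in report(SAMPLE_LOG).items():
        print(f'{key}: {val}')
```

Run against the sample it lists all three locations with the single URL http://www.go2000.cn/?2 and reports the IE icon as forced visible; the NoAddOns command (which only carries -extoff) is correctly left alone. Point it at a fresh SystemLook or DDS log after cleaning to confirm nothing was missed.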


#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:01:59 PM

Posted 10 January 2010 - 10:38 AM

Hi Nikas,



Step1
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\pluginreg.dat.bak 14244 bytes
c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\user.js.BAK 76 bytes
C:\WINDOWS\system32\drivers\etc\Hosts
C:\WINDOWS\System32\drivers\etc\hosts.20100108-121828.backup

DDS::
uStart Page = hxxp://www.go2000.cn/?2
uInternet Settings,ProxyOverride = *.local

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,66,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,69,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,\
  20,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,\
  00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
@="Open &Home Page"
"MUIVerb"="@shdoclc.dll,-10241"
"LegacyDisable"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
@="Open &Home Page"
"MUIVerb"="@shdoclc.dll,-10241"
"LegacyDisable"=""


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2

Please go to Here and download System Repair Engine by smallfrogs
  • Extract it to Desktop & double click SREngLdr.exe to run it
  • Click System Repair in the left pane.
  • Click on the Hosts File tab
  • Press the Reset button, and click Yes to the prompt window.
  • Click the Save button in the bottom right corner. Exit the program and restart it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button. When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.
After that, please rerun SystemLook as instructed in my previous post (#2) and post the content in your next reply.


In your next reply, please post back:

1.ComboFix log
2.Sreng log
3.SystemLook log

Tell me how things are going now.
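The Registry:: section of the CFScript above restores the OpenHomePage\Command default as a hex(2) value rather than as a quoted string. In .reg notation hex(2) means REG_EXPAND_SZ (the value's UTF-16LE bytes, comma separated, NUL terminated), which is the type the original value needs so that %programfiles% is expanded at run time; the long byte list is simply "%programfiles%\internet explorer\iexplore.exe" written that way. The Python below is an added example, not from the thread or from ComboFix: it decodes that listing back to text and re-encodes a string into the same wrapped form, so anyone writing such a script can check what a hex(2) line will actually write before running it. The line-wrapping rule (trailing ",\" and a two-space indent on continuation lines, lines kept within 80 columns) was chosen to reproduce the listing above exactly.

```python
"""Decode and encode regedit-style hex(2) (REG_EXPAND_SZ) values such as the
one in the CFScript above. Added example; not part of ComboFix or the thread."""

# The four lines exactly as they appear in the CFScript's Registry:: section.
PAGE_LISTING = '\n'.join([
    '@=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,66,00,69,00,6c,\\',
    '  00,65,00,73,00,25,00,5c,00,69,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,\\',
    '  20,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,\\',
    '  00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00',
])

# The clean default IE command: surrounding quotes included, %programfiles% unexpanded.
CLEAN_COMMAND = '"%programfiles%\\internet explorer\\iexplore.exe"'


def decode_hex2(listing):
    """Return the string a hex(2) listing writes: continuation lines joined,
    the 'name=hex(2):' prefix dropped, bytes decoded as UTF-16LE, NUL stripped."""
    joined = ''.join(line.strip().rstrip('\\') for line in listing.strip().splitlines())
    _, _, body = joined.partition('hex(2):')
    if not body:
        raise ValueError('not a hex(2) value')
    data = bytes(int(tok, 16) for tok in body.split(',') if tok)
    return data.decode('utf-16-le').rstrip('\x00')


def format_reg_expand_sz(name, value, width=80):
    """Render VALUE as a hex(2) listing for NAME ('@' for the default value),
    wrapped like regedit exports: a line that continues ends with ',\\' and the
    next line is indented two spaces; no line exceeds WIDTH columns."""
    tokens = [f'{b:02x}' for b in value.encode('utf-16-le') + b'\x00\x00']
    lines = []
    cur = f'{name}=hex(2):'
    empty = True                                  # no byte placed on the current line yet
    for i, tok in enumerate(tokens):
        last = i == len(tokens) - 1
        candidate = cur + tok if empty else f'{cur},{tok}'
        limit = width if last else width - 2      # non-final lines still get ',\' appended
        if not empty and len(candidate) > limit:
            lines.append(cur + ',\\')
            candidate = '  ' + tok
        cur, empty = candidate, False
    lines.append(cur)
    return '\n'.join(lines)


if __name__ == '__main__':
    print('CFScript writes:', decode_hex2(PAGE_LISTING))
    print(format_reg_expand_sz('@', CLEAN_COMMAND))
```

decode_hex2 on the CFScript's four lines yields the quoted %programfiles% command with no URL after it, and encoding that command again reproduces the CFScript text byte for byte, which is the check to run before trusting a hand-written or pasted hex(2) block.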

#11 Nikas

Nikas
  • Topic Starter

  • Members
  • 650 posts
  • Gender:Male
  • Location:Singapore
  • Local time:02:59 AM

Posted 10 January 2010 - 11:08 AM

Going better than before. No more go2000 and I can change my IE homepage.

I disabled my AV, and then ComboFix detected a CD emulator/emulation and restarted on its own. After that, ComboFix started itself back up, which might have caused the AV to run again.

One thing to note is that I was unable to access my HOSTS file when I tried to reset it with SREng. It says that access is denied. I'm on the Administrator account.
I went to the HOSTS file folder and was unable to see HOSTS there, only HOSTS.bak and stuff.


edit: I spoke too soon. I restarted my computer and things went bad again. I started IE and it went back to go2000 by itself.

Here's the log.

COMBOFIX

ComboFix 10-01-04.01 - Joseph Gan 01/10/2010 23:48:44.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT 8:00]
Running from: c:\documents and settings\Joseph Gan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joseph Gan\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\pluginreg.dat.bak 14244 bytes"
"c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\user.js.BAK 76 bytes"
"c:\windows\system32\drivers\etc\Hosts"
"c:\windows\System32\drivers\etc\hosts.20100108-121828.backup"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\Hosts
c:\windows\System32\drivers\etc\hosts.20100108-121828.backup

.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 14:09 . 2010-01-10 14:09 -------- d-----w- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Disk Pulse
2010-01-10 14:09 . 2010-01-10 14:09 -------- d-----w- c:\program files\Disk Pulse
2010-01-10 11:28 . 2010-01-10 11:30 -------- d-----w- c:\program files\BlackShot
2010-01-10 09:24 . 2010-01-10 09:24 -------- d-----w- C:\_OTL
2010-01-08 11:46 . 2010-01-08 12:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-01-08 11:33 . 2010-01-09 16:48 6354008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-08 09:13 . 2010-01-08 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-01-08 09:13 . 2010-01-08 12:09 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\muvee Technologies
2010-01-08 09:12 . 2010-01-08 12:03 -------- d-----w- c:\program files\muvee Technologies
2010-01-08 07:23 . 2010-01-08 07:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-08 07:23 . 2010-01-08 07:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-01-08 03:34 . 2010-01-06 04:08 4726272 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-08 03:34 . 2010-01-06 04:08 103424 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-08 03:34 . 2010-01-06 04:08 57856 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-08 03:34 . 2010-01-06 04:08 545280 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-08 03:34 . 2010-01-06 04:08 4725760 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-08 03:34 . 2010-01-06 04:08 344064 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-08 03:34 . 2010-01-06 04:08 153600 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-01 12:21 . 2009-11-24 00:44 79872 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-01-01 12:21 . 2009-11-24 00:44 33280 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINCE\components\WeaveCrypto.dll
2009-12-30 13:50 . 2009-12-30 13:50 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-24 15:52 . 2010-01-10 15:48 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-21 15:51 . 2009-12-21 16:03 -------- d-----w- c:\documents and settings\Joseph Gan\funshion
2009-12-21 15:51 . 2010-01-02 19:59 -------- d-----w- c:\program files\Funshion Online
2009-12-21 09:40 . 2010-01-10 15:47 503963 ----a-w- c:\windows\system32\jautdeij.dat
2009-12-21 09:40 . 2009-12-21 15:30 503844 ----a-w- c:\windows\system32\syskbds.drv
2009-12-18 12:01 . 2009-12-18 12:01 159744 ----a-w- c:\windows\Rockdoc.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 15:48 . 2008-04-07 13:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-01-10 15:47 . 2008-04-07 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-01-10 15:46 . 2008-04-06 22:11 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\Free Download Manager
2010-01-10 15:20 . 2008-12-18 16:46 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\Skype
2010-01-10 11:23 . 2008-04-26 08:17 -------- d-----w- c:\program files\Debugging Tools for Windows
2010-01-10 11:09 . 2008-12-18 16:47 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\skypePM
2010-01-10 11:01 . 2008-04-06 15:28 51112 ----a-w- c:\documents and settings\Joseph Gan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 07:16 . 2009-09-25 03:48 -------- d-----w- c:\program files\Garena
2010-01-09 13:35 . 2008-04-06 17:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 11:01 . 2008-04-09 18:45 -------- d-----w- c:\program files\Warcraft III
2010-01-08 12:03 . 2008-04-06 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 08:51 . 2008-06-21 09:33 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-08 04:17 . 2008-04-06 17:55 -------- d-----w- c:\program files\SpywareBlaster
2010-01-08 04:17 . 2008-09-10 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 04:17 . 2008-09-10 09:53 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 08:07 . 2008-09-10 09:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2008-09-10 09:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 17:17 . 2008-04-06 16:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 14:37 . 2008-04-06 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 12:29 . 2009-11-14 19:41 -------- d-----w- c:\program files\Keynote
2009-12-30 04:10 . 2008-04-06 22:14 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\uTorrent
2009-12-24 08:57 . 2008-09-14 04:29 -------- d-----w- c:\program files\Steam
2009-12-15 19:23 . 2008-04-09 09:49 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\VMware
2009-12-14 16:53 . 2008-04-09 18:46 98882 ----a-w- c:\windows\War3Unin.dat
2009-12-10 03:21 . 2008-04-06 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-06 03:21 . 2009-12-06 03:21 -------- d-----r- c:\program files\Skype
2009-12-06 03:21 . 2009-12-06 03:21 -------- d-----w- c:\program files\Common Files\Skype
2009-12-06 03:21 . 2008-12-18 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-04 12:08 . 2009-12-04 12:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-04 11:02 . 2009-12-04 11:02 -------- d-----w- c:\documents and settings\Joseph Gan\Application Data\DTC
2009-12-04 03:45 . 2009-12-04 03:45 -------- d-----w- c:\program files\DTC-Solutions
2009-11-24 07:08 . 2009-11-24 07:08 -------- d-----w- c:\program files\Veoh Networks
2009-11-20 22:03 . 2008-04-10 07:17 -------- d-----w- c:\program files\mIRC
2009-11-14 19:06 . 2008-04-06 17:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 12:43 . 2009-11-08 12:43 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-08 12:17 . 2008-12-13 04:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-08 12:15 . 2009-11-08 12:15 152576 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 18:00 . 2009-11-08 11:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:45 . 2004-08-03 16:56 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 03:41 . 2009-10-27 03:41 24576 ----a-w- c:\documents and settings\Joseph Gan\Application Data\Microsoft\Identities\kfclg.dll
2009-10-21 05:38 . 2004-08-03 16:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-03 16:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 15:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-03 16:56 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-10_10.59.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 15:48 . 2010-01-10 15:48 16384 c:\windows\Temp\Perflib_Perfdata_c80.dat
+ 2010-01-10 15:47 . 2010-01-10 15:47 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2010-01-10 15:47 . 2010-01-10 15:47 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
+ 2010-01-10 14:17 . 2010-01-10 14:17 76462 c:\windows\Installer\{6C8A3F04-B05D-40C4-AACB-D0D81A641ABD}\_7777C49E68A959B7B496EC.exe
+ 2010-01-10 14:17 . 2010-01-10 14:17 76462 c:\windows\Installer\{6C8A3F04-B05D-40C4-AACB-D0D81A641ABD}\_6FEFF9B68218417F98F549.exe
+ 2010-01-10 14:17 . 2010-01-10 14:17 76462 c:\windows\Installer\{6C8A3F04-B05D-40C4-AACB-D0D81A641ABD}\_168FC77EEF699741479C90.exe
+ 2010-01-10 14:17 . 2010-01-10 14:17 585216 c:\windows\Installer\a432bd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"桌面美化秀"="c:\program files\jlingk\deskmate.exe" [BU]

c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-11-8 3450608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^hott notes 4.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\hott notes 4.lnk
backup=c:\windows\pss\hott notes 4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Gan^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Joseph Gan\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-14 13:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-16 13:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 13:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 18:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-01-01 10:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-10 01:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 07:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2007-11-27 06:38 2162688 ----a-w- c:\program files\Vtune\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-31 11:38 135664 ----atw- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 14:32 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2008-01-04 09:33 684118 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-04 17:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-04 17:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 04:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 14:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 08:52 16861184 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 05:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-14 07:56 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-08 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 13:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-07-17 03:03 288048 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 15:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LastFantasyS3Ep2\\main.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\CABAL Online (SG MY)\\Launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eREAD\\eREAD_Cookcase.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eREAD\\eREAD\\eREAD_Cookcase.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"e:\\Games\\Left 4 Dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Games\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58273:TCP"= 58273:TCP:Pando Media Booster
"58273:UDP"= 58273:UDP:Pando Media Booster

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [1/17/2009 6:52 PM 39472]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/10/2008 6:56 PM 34312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:56 AM 14336]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [11/27/2009 5:37 PM 24640]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/10/2008 6:53 PM 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [9/27/2009 8:20 PM 22784]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2008 1:52 AM 717296]
S2 Application ClipBook;Application ClipBook;c:\windows\system32\mqtljk.exe runsrv /name:"Application ClipBook" /prinum:"32" /cmdline:"c:\windows\system32\mstsef.tsk" --> c:\windows\system32\mqtljk.exe runsrv [?]
S2 gupdate1c97ec7ea7c4858;Google Update Service (gupdate1c97ec7ea7c4858);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2009 4:35 PM 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 8:00 PM 3584]
S2 System SSL Messenger;System SSL Messenger;c:\windows\system32\mqtljk.exe runsrv /name:"System SSL Messenger" /prinum:"32" /cmdline:"c:\windows\system32\jautdeij.dat" --> c:\windows\system32\mqtljk.exe runsrv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NRKCTL32;NRKCTL32;\??\c:\misc program\WCPUID\NRKCTL32.SYS --> c:\misc program\WCPUID\NRKCTL32.SYS [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [12/20/2008 11:56 AM 23992]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [4/23/2008 1:47 AM 47552]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\XDva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-25 08:35]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-25 08:35]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003Core.job
- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 11:38]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003UA.job
- c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 11:38]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Open with &LoadScout... - c:\progra~1\SOFTLO~1\LOADSC~1.0\LoadScout.exe/#164
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Joseph Gan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.automatic-ntlm-auth.trusted-uris - hxxp://127.0.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 23:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-01-10 23:57:31
ComboFix-quarantined-files.txt 2010-01-10 15:57
ComboFix2.txt 2010-01-10 11:01

Pre-Run: 24,646,361,088 bytes free
Post-Run: 24,612,212,736 bytes free

- - End Of File - - 6F548B4CF71B551DC6A5BB717807EB21

SYSTEMLOOK

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:06 on 11/01/2010 by Joseph Gan (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"="0x00000000 (0)"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"Removal Message"="@mydocs.dll,-900"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"


[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"@"="\"C:\Program Files\Internet Explorer\IEXPLORE.EXE\""
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"


[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@C:\WINDOWS\system32\ieframe.dll.mui,-881"
"LocalizedString"="@C:\WINDOWS\system32\ieframe.dll.mui,-880"
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="C:\WINDOWS\system32\ieframe.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
"ThreadingModel"="Apartment"
@="C:\WINDOWS\system32\ieframe.dll"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns]
"LegacyDisable"=""
@="Start Without Add-ons"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
"@"="Open &Home Page"
"LegacyDisable"=""
"MUIVerb"="@shdoclc.dll,-10241"
@="Open &Home Page"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
"@"=""%programfiles%\internet explorer\iexplore.exe""
@=""%programfiles%\internet explorer\iexplore.exe""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe]
@="{871C5380-42A0-1069-A2EA-08002B30309D}"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\MayChangeDefaultMenu]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"= 0x0000100024 (1048612)
"HideAsDeletePerUser"=""
"HideFolderVerbs"=""
"HideOnDesktopPerUser"=""
"WantsParseDisplayName"=""
@="C:\WINDOWS\system32\ieframe.dll,-190"


[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""


-=End Of File=-

SRENGLOG

2010-01-11,00:03:44

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<MsnMsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
	<Skype><"C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
	<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)ESET, spol. s r.o.]
	<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<DeathAdder><C:\Program Files\Razer\DeathAdder\razerhid.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><%Systemroot%\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><%systemroot%\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{1984DD45-52CF-49cd-AB77-18F378FEA264}><C:\Program Files\Stardock\Fences\FencesMenu.dll>  [(Verified)Stardock Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Acrobat Assistant 8.0><; "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe">  [(Verified)Adobe Systems, Incorporated]
	<Acronis Scheduler2 Service><; "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe">  [(Verified)Acronis, Inc]
	<AcronisTimounterMonitor><; C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe>  [(Verified)Acronis, Inc]
	<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)Adobe Systems, Incorporated]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<AdobeUpdater><; "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe">  [(Verified)Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Adobe_ID0EYTHM><; C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE>  [Adobe Systems Incorporated]
	<AppleSyncNotifier><; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Comrade.exe><; C:\Program Files\GameSpy\Comrade\Comrade.exe>  [IGN Entertainment Inc.]
	<DAEMON Tools Lite><; "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Gainward><; C:\Program Files\Vtune\TBPanel.exe /A>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Google Update><; "C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c>  [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Name of App><; C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r>  [File is missing]
	<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<nwiz><; nwiz.exe /install>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<PC Suite Tray><; "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
	<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
	<QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
	<Steam><; C:\Program Files\Steam\Steam.exe -silent>  [(Verified)Valve]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)Sun Microsystems, Inc.]
	<TrueImageMonitor.exe><; C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe>  [(Verified)Acronis, Inc]
	<UnlockerAssistant><; "C:\Program Files\Unlocker\UnlockerAssistant.exe">  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<uTorrent><; "C:\Program Files\uTorrent\uTorrent.exe">  [(Verified)BitTorrent Inc]
	<VeohPlugin><; "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe">  [(Verified)Veoh Networks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<vmware-tray><; "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe">  [(Verified)VMware, Inc.]

==================================
Startup Folders
[Stardock ObjectDock]
  <C:\Documents and Settings\Joseph Gan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk --> C:\PROGRA~1\Stardock\OBJECT~1\OBJECT~1.EXE [Stardock]><N>

==================================
Services
[Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start]
  <"C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"><Acronis>
[Adobe Version Cue CS3 / Adobe Version Cue CS3][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service><Adobe Systems Incorporated>
[Apache2.2 / Apache2.2][Running/Auto Start]
  <"C:\Program Files\xampp\apache\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Application  ClipBook / Application  ClipBook][Stopped/Auto Start]
  <C:\WINDOWS\system32\mqtljk.exe runsrv /name:"Application  ClipBook" /prinum:"32" /cmdline:"C:\WINDOWS\system32\mstsef.tsk"><N/A>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Google Update Service (gupdate1c97ec7ea7c4858) / gupdate1c97ec7ea7c4858][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[MySQL / MySQL][Stopped/Auto Start]
  <"C:\Program Files\xampp\mysql\bin\mysqld.exe" --defaults-file="C:\Program Files\xampp\mysql\bin\my.ini" MySQL><N/A>
[nProtect GameGuard Service / npggsvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\GameMon.des -service><INCA Internet Co., Ltd.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PnkBstrA / PnkBstrA][Running/Auto Start]
  <C:\WINDOWS\system32\PnkBstrA.exe><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[System  SSL  Messenger / System  SSL  Messenger][Stopped/Auto Start]
  <C:\WINDOWS\system32\mqtljk.exe runsrv /name:"System  SSL  Messenger" /prinum:"32" /cmdline:"C:\WINDOWS\system32\jautdeij.dat"><N/A>
[VMware Agent Service / ufad-ws60][Stopped/Manual Start]
  <"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>
[VMware Authorization Service / VMAuthdService][Running/Auto Start]
  <"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Running/Auto Start]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>

==================================
Drivers
[Cardex / Cardex][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS><Windows (R) 2000 DDK provider>
[catchme / catchme][Running/Manual Start]
  <\??\C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\catchme.sys><N/A>
[DeathAdder Mouse / DAdderFltr][Running/Manual Start]
  <system32\drivers\dadder.sys><Razer (Asia-Pacific) Pte Ltd>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[giveio / giveio][Running/Boot Start]
  <\SystemRoot\system32\giveio.sys><N/A>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hcmon.sys><VMware, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hotcore3 / hotcore3][Running/Boot Start]
  <\SystemRoot\system32\drivers\hotcore3.sys><Paragon Software Group>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[NRKCTL32 / NRKCTL32][Stopped/Manual Start]
  <\??\C:\Misc Program\WCPUID\NRKCTL32.SYS><N/A>
[NTIDrvr / NTIDrvr][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\muvee Technologies\071203\mvBurnerDll\NTIDrvr.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RivaTuner32 / RivaTuner32][Stopped/Manual Start]
  <\??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys><N/A>
[rspSanity / rspSanity][Stopped/Manual Start]
  <system32\DRIVERS\rspSanity32.sys><Resplendence Software Projects Sp.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Acronis Snapshots Manager / snapman][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\snapman.sys><Acronis>
[speedfan / speedfan][Running/Boot Start]
  <\SystemRoot\system32\speedfan.sys><Windows (R) 2000 DDK provider>
[sptd / sptd][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[Acronis True Image FS Filter / tifsfilter][Running/Auto Start]
  <system32\DRIVERS\tifsfilt.sys><Acronis>
[Acronis True Image Backup Archive Explorer / timounter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\timntr.sys><Acronis>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
  <system32\DRIVERS\lgusbbus.sys><LG Electronics Inc.>
[LGE Mobile USB Serial Port / UsbDiag][Stopped/Manual Start]
  <system32\DRIVERS\lgusbdiag.sys><LG Electronics Inc.>
[LGE Mobile USB Modem / USBModem][Stopped/Manual Start]
  <system32\DRIVERS\lgusbmodem.sys><LG Electronics Inc.>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
[VirtualBox TAP Adapter / VBoxTAP][Stopped/Manual Start]
  <system32\DRIVERS\VBoxTAP.sys><innotek GmbH>
[VMware vmci / vmci][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmci.sys><VMware, Inc.>
[VMware kbd / vmkbd][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\VMkbd.sys><VMware, Inc.>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start]
  <\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>
[XDva132 / XDva132][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva132.sys><N/A>
[XDva158 / XDva158][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva158.sys><N/A>
[XDva165 / XDva165][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva165.sys><N/A>
[XDva167 / XDva167][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva167.sys><N/A>
[XDva170 / XDva170][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva170.sys><N/A>
[XDva215 / XDva215][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva215.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[NTPort Library Driver / zntport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\zntport.sys><Zeal SoftStudio>

==================================
Browser Add-ons
[SnagIt Toolbar Loader]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll, (Signed) TechSmith Corporation>
[ContributeBHO Class]
  {074C1DC5-9320-4A9A-947D-C042949C6216} <C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll, Adobe Systems Incorporated.>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Easy Read]
  {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} <C:\Program Files\eREAD\eREAD\EasyRead.dll, (Signed) >
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdm2.dll, N/A>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Google Gears Helper]
  {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} <C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll, Google Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Google Gears ToolsMenuItem]
  {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} <C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll, Google Inc.>
[Bonjour]
  {7F9DB11C-E358-4ca6-A83D-ACC663939424} <C:\Program Files\Bonjour\ExplorerPlugin.dll, Apple Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll, (Signed) TechSmith Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[Contribute Toolbar]
  {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} <C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll, Adobe Systems Incorporated.>
[Facebook Photo Uploader 5 Control]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Java Plug-in 1.6.0_17]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[CInstallLPCtrl Object]
  {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} <C:\WINDOWS\Downloaded Program Files\InstallLP.dll, (Signed) SanDisk Corporation>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_17]
  {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_17]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jdk1.6.0_17\bin\npjpi160_17.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[SnagIt Toolbar Loader]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll, (Signed) TechSmith Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[ContributeBHO Class]
  {074C1DC5-9320-4A9A-947D-C042949C6216} <C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll, Adobe Systems Incorporated.>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} <, >
[Facebook Photo Uploader 5 Control]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[]
  {166B1BCA-3F9C-11CF-8075-444553540000} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {1E51C7CA-B063-44DD-852A-2D430D11C8E1} <, >
[]
  {201F27D4-3704-41D6-89C1-AA35E39143ED} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Easy Read]
  {235A3ACD-EBE5-46B2-9BAE-B1960F9DC791} <C:\Program Files\eREAD\eREAD\EasyRead.dll, (Signed) >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {3132F1DF-2C69-49F5-ACA5-69965FC18E59} <, >
[Google Update Plugin]
  {33B16641-F94B-4CD0-8D2B-0633B2C35790} <C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll, (Signed) Google Inc.>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Contribute Toolbar]
  {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} <C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll, Adobe Systems Incorporated.>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[IEWGDM Class]
  {57BDEE5A-1E29-4CFD-AEE7-EF32118EB6D6} <C:\Program Files\Free Download Manager\iefdmdm.dll, N/A>
[]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {7F9DB11C-E358-4CA6-A83D-ACC663939424} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_17]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
  {8F460B5C-5500-4A35-A01B-4F10389C8991} <, >
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll, (Signed) TechSmith Corporation>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {AADAA41D-FFD5-4F38-B35A-8CA640D6C037} <, >
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdm2.dll, N/A>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>
[Google Gears Helper]
  {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} <C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll, Google Inc.>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\MSXML3.dll, (Signed) Microsoft Corporation>
[]
  {F9B72325-A029-4A39-943A-02433C978829} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Add to Google Photos Screensa&ver]
  <res://C:\WINDOWS\system32\GPhotos.scr/200, N/A>
[Download all with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dlall.htm, N/A>
[Download selected with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dlselected.htm, N/A>
[Download video with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dlfvideo.htm, N/A>
[Download with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dllink.htm, N/A>
[Open with &LoadScout...]
  <res://C:\PROGRA~1\SOFTLO~1\LOADSC~1.0\LoadScout.exe/#164, N/A>

==================================
Running Processes
[PID: 868 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 928 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 952 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\WgaLogon.dll]  [, ]
[PID: 996 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\relog_ap.dll]  [Acronis, 1,0,0,10]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1888 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1928 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1972 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 604 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 8.0.0.00]
	[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll]  [Adobe Systems Incorporated., 8.1.3.2008101400]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1484 / SYSTEM][C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe]  [Acronis, 1,0,0,237]
[PID: 1496 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[c:\program files\common files\akamai\rswin_3629.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1512 / SYSTEM][C:\Program Files\xampp\apache\bin\httpd.exe]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\bin\libapr-1.dll]  [Apache Software Foundation, 1.3.7]
	[C:\Program Files\xampp\apache\bin\libaprutil-1.dll]  [Apache Software Foundation, 1.3.8]
	[C:\Program Files\xampp\apache\bin\libapriconv-1.dll]  [Apache Software Foundation, 1.2.1]
	[C:\Program Files\xampp\apache\bin\libhttpd.dll]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_actions.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_alias.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_asis.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_auth_basic.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_auth_digest.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authn_default.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authn_file.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_default.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_groupfile.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_host.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_user.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_cgi.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav_fs.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav_lock.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dir.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_env.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_headers.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_include.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_info.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_isapi.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_log_config.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_mime.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_negotiation.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_rewrite.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_setenvif.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_ssl.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\bin\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8k]
	[C:\Program Files\xampp\apache\bin\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8k]
	[C:\Program Files\xampp\apache\modules\mod_status.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_autoindex_color.so]  [N/A, ]
	[C:\Program Files\xampp\php\php5ts.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\apache\modules\php5apache2_2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\perl\bin\perl510.dll]  [N/A, ]
	[C:\Program Files\xampp\apache\modules\mod_perl.so]  [N/A, ]
	[C:\Program Files\xampp\php\ext\php_bz2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mbstring.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_exif.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_gd2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_gettext.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_imap.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mcrypt.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mysql_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\apache\bin\LIBMYSQL.dll]  [N/A, ]
	[C:\Program Files\xampp\php\ext\php_mysqli_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_mysql_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_odbc.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_sqlite.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_soap.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sockets.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sqlite.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sqlite3.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_xmlrpc.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_zip.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mime_magic.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_ming.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdf.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\xampp\perl\site\lib\auto\ModPerl\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestRec\RequestRec.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestIO\RequestIO.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestUtil\RequestUtil.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Log\Log.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\ServerRec\ServerRec.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\ServerUtil\ServerUtil.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Connection\Connection.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Const\Const.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Const\Const.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Table\Table.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Access\Access.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Module\Module.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Response\Response.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\SubRequest\SubRequest.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Filter\Filter.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\URI\URI.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Date\Date.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Pool\Pool.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\URI\URI.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Brigade\Brigade.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Bucket\Bucket.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Fcntl\Fcntl.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Status\Status.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\ModPerl\Global\Global.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Digest\MD5\MD5.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Cwd\Cwd.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Data\Dumper\Dumper.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Time\HiRes\HiRes.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\SDBM_File\SDBM_File.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\IO\IO.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\List\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\File\Glob\Glob.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Compress\Raw\Zlib\Zlib.dll]  [N/A, ]
[PID: 1540 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.0.28.0]
[PID: 1592 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]
[PID: 1636 / SYSTEM][C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll]  [ESET, 3.0.667 ]
[PID: 1700 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.170.4]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 660 / SYSTEM][C:\Program Files\xampp\apache\bin\httpd.exe]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\bin\libapr-1.dll]  [Apache Software Foundation, 1.3.7]
	[C:\Program Files\xampp\apache\bin\libaprutil-1.dll]  [Apache Software Foundation, 1.3.8]
	[C:\Program Files\xampp\apache\bin\libapriconv-1.dll]  [Apache Software Foundation, 1.2.1]
	[C:\Program Files\xampp\apache\bin\libhttpd.dll]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_actions.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_alias.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_asis.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_auth_basic.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_auth_digest.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authn_default.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authn_file.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_default.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_groupfile.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_host.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_authz_user.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_cgi.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav_fs.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dav_lock.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_dir.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_env.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_headers.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_include.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_info.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_isapi.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_log_config.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_mime.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_negotiation.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_rewrite.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_setenvif.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_ssl.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\bin\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8k]
	[C:\Program Files\xampp\apache\bin\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8k]
	[C:\Program Files\xampp\apache\modules\mod_status.so]  [Apache Software Foundation, 2.2.12]
	[C:\Program Files\xampp\apache\modules\mod_autoindex_color.so]  [N/A, ]
	[C:\Program Files\xampp\php\php5ts.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\apache\modules\php5apache2_2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\perl\bin\perl510.dll]  [N/A, ]
	[C:\Program Files\xampp\apache\modules\mod_perl.so]  [N/A, ]
	[C:\Program Files\xampp\php\ext\php_bz2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mbstring.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_exif.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_gd2.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_gettext.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_imap.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mcrypt.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mysql_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\apache\bin\LIBMYSQL.dll]  [N/A, ]
	[C:\Program Files\xampp\php\ext\php_mysqli_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_mysql_libmysql.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_odbc.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdo_sqlite.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_soap.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sockets.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sqlite.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_sqlite3.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_xmlrpc.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_zip.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_mime_magic.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_ming.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\xampp\php\ext\php_pdf.dll]  [The PHP Group, 5.3.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\xampp\perl\site\lib\auto\ModPerl\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestRec\RequestRec.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestIO\RequestIO.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\RequestUtil\RequestUtil.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Log\Log.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\ServerRec\ServerRec.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\ServerUtil\ServerUtil.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Connection\Connection.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Const\Const.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Const\Const.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Table\Table.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Access\Access.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Module\Module.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Response\Response.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\SubRequest\SubRequest.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Filter\Filter.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\Apache2\URI\URI.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Date\Date.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Pool\Pool.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\URI\URI.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Brigade\Brigade.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Bucket\Bucket.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Fcntl\Fcntl.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\APR\Status\Status.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\site\lib\auto\ModPerl\Global\Global.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Digest\MD5\MD5.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Cwd\Cwd.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Data\Dumper\Dumper.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Time\HiRes\HiRes.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\SDBM_File\SDBM_File.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\IO\IO.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\List\Util\Util.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\File\Glob\Glob.dll]  [N/A, ]
	[C:\Program Files\xampp\perl\lib\auto\Compress\Raw\Zlib\Zlib.dll]  [N/A, ]
[PID: 2380 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.6921]
	[C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6921]
[PID: 2488 / SYSTEM][C:\WINDOWS\system32\PnkBstrA.exe]  [N/A, ]
[PID: 2528 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2908 / SYSTEM][C:\WINDOWS\system32\vmnat.exe]  [VMware, Inc., 6.5.0 build-118166]
[PID: 2992 / SYSTEM][C:\WINDOWS\system32\vmnetdhcp.exe]  [VMware, Inc., 6.5.0 build-118166]
[PID: 3200 / SYSTEM][C:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  [VMware, Inc., 6.5.0 build-118166]
	[C:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.5.0 build-118166]
	[C:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.5.0 build-112107]
	[C:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]
	[C:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]
	[C:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]
[PID: 2040 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2736 / Joseph Gan][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 748 / Joseph Gan][C:\WINDOWS\system32\notepad.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1712 / Joseph Gan][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Program Files\Stardock\Fences\FencesMenu.dll]  [Stardock, 1, 0, 0, 0]
	[c:\program files\stardock\fences\DesktopDock.dll]  [Stardock, 1, 0, 0, 0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.0.0.2008061100]
	[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\TechSmith\SnagIt 9\SnagItShellExtRes.dll]  [TechSmith Corporation, 9.0.0.351]
	[C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 3, 0, 0]
	[C:\Program Files\Acronis\TrueImageHome\tishell.dll]  [Acronis, 10,0,0,4871]
	[C:\Program Files\Acronis\TrueImageHome\timounter.dll]  [Acronis, 3.3 build 443]
	[C:\Program Files\TechSmith\SnagIt 9\SnagItShellExt.dll]  [TechSmith Corporation, 9.0.0.351]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.667 ]
	[C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll]  [GlobalSCAPE Texas, LP., 50, 6, 3, 2]
	[C:\PROGRA~1\ESTsoft\ALSee\ASSHLE~1.DLL]  [ESTsoft, 8.3.21.1]
	[C:\PROGRA~1\ESTsoft\ALSee\LTIMGEFX15U.DLL]  [LEAD Technologies, Inc., 15,0,0,3]
	[C:\PROGRA~1\ESTsoft\ALSee\Ltkrn15u.dll]  [LEAD Technologies, Inc., 15,0,0,16]
	[C:\PROGRA~1\ESTsoft\ALSee\Ltdis15u.dll]  [LEAD Technologies, Inc., 15,0,0,4]
	[C:\PROGRA~1\ESTsoft\ALSee\Ltimgutl15u.dll]  [LEAD Technologies, Inc., 15,0,0,5]
	[C:\PROGRA~1\ESTsoft\ALSee\LTFIL15U.DLL]  [LEAD Technologies, Inc., 15,0,0,30]
	[C:\PROGRA~1\ESTsoft\ALSee\LFFax15U.DLL]  [LEAD Technologies, Inc., 15,0,0,5]
	[C:\PROGRA~1\ESTsoft\ALSee\LFCmp15U.DLL]  [LEAD Technologies, Inc., 15,0,0,28]
	[C:\PROGRA~1\ESTsoft\ALSee\LFTif15U.DLL]  [LEAD Technologies, Inc., 15,0,0,17]
	[C:\PROGRA~1\ESTsoft\ALSee\LFJbg15U.DLL]  [LEAD Technologies, Inc., 15,0,0,5]
	[C:\PROGRA~1\ESTsoft\ALSee\LFCal15U.DLL]  [LEAD Technologies, Inc., 15,0,0,2]
	[C:\PROGRA~1\ESTsoft\ALSee\LFImg15U.DLL]  [LEAD Technologies, Inc., 15,0,0,2]
	[C:\PROGRA~1\ESTsoft\ALSee\LFPnm15U.DLL]  [LEAD Technologies, Inc., 15,0,0,2]
	[C:\PROGRA~1\ESTsoft\ALSee\LFPct15U.DLL]  [LEAD Technologies, Inc., 15,0,0,8]
	[C:\PROGRA~1\ESTsoft\ALSee\LFMac15U.DLL]  [LEAD Technologies, Inc., 15,0,0,3]
	[C:\PROGRA~1\ESTsoft\ALSee\LFWmf15U.DLL]  [LEAD Technologies, Inc., 15,0,0,7]
	[C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 8.1.5.2007051000\0]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\WINDOWS\system32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,1,221,0]
	[C:\Program Files\Vtune\TBPanelExt.dll]  [, 1, 0, 0, 2]
	[C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.6921]
	[C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6921]
	[C:\WINDOWS\system32\nvshell.dll]  [, ]
	[C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll]  [Nokia, 7, 1, 105, 0]
	[C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 1, 151, 0]
	[C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr]  [Nokia, 7, 1, 66, 0]
	[C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 1, 21, 0]
[PID: 524 / Joseph Gan][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.1.7]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.1.7]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.16.1]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.8.2]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.4.5]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.8.2]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.8.2]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.1.7]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.1.7]
	[C:\Program Files\Google\Google Gears\Firefox\lib\ff35\gears.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.1.7]
	[C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll]  [N/A, ]
	[C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\piclens@cooliris.com\libs\cooliris190.dll]  [Cooliris Inc., 1.11.6.31945]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.4.5 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
	[C:\Documents and Settings\Joseph Gan\Application Data\Mozilla\Firefox\Profiles\f3gvtnnj.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll]  [Mozilla Corporation, 1.9.0.200907222317]
	[C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6921]
[PID: 3892 / Joseph Gan][C:\PROGRA~1\FREEDO~1\fdm.exe]  [FreeDownloadManager.ORG, 3, 0, 844, 0]
	[C:\PROGRA~1\FREEDO~1\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
	[C:\Program Files\Free Download Manager\fum\fumcore.dll]  [N/A, ]
	[C:\Program Files\Free Download Manager\fdmbtsupp.dll]  [N/A, ]
	[C:\Program Files\Free Download Manager\iefdm2.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 3668 / Joseph Gan][C:\Documents and Settings\Joseph Gan\Desktop\New Folder\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 912 / Joseph Gan][C:\Documents and Settings\Joseph Gan\Desktop\New Folder\SRE88a55157.EXE]  [Smallfrogs Studio, 2.8.2.1321]
	[C:\Documents and Settings\Joseph Gan\Desktop\New Folder\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["%SYSTEMROOT%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
VMCI sockets DGRAM
	C:\Program Files\VMware\VMware Workstation\vsocklib.dll(VMware, Inc., VSockets Library)
VMCI sockets STREAM
	C:\Program Files\VMware\VMware Workstation\vsocklib.dll(VMware, Inc., VSockets Library)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
N/A

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3892, C:\PROGRA~1\FREEDO~1\FDM.EXE]

==================================
Scheduled Tasks
[Enabled] User_Feed_Synchronization-{83215FAD-3CAC-4E3E-9EC2-433D638B8644}.job
		C:\WINDOWS\system32\msfeedssync.exe 
[Enabled] GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003UA.job
		C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskUserS-1-5-21-796845957-1390067357-839522115-1003Core.job
		C:\Documents and Settings\Joseph Gan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskMachineUA.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskMachineCore.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 

==================================
Windows Security Update Check
KB940157,  Windows Search 4.0 for Windows XP (KB940157) 
KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 
KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 
KB963663,  Update for Microsoft Office Access 2007 Help (KB963663) 
KB963673,  Update for the 2007 Microsoft Office System Help for Common Features (KB963673) 
KB963671,  Update for Microsoft Script Editor Help (KB963671) 
KB963666,  Update for Microsoft Office Visio 2007 Help (KB963666) 
KB963678,  Update for Microsoft Office Excel 2007 Help (KB963678) 
KB963677,  Update for Microsoft Office Outlook 2007 Help (KB963677) 
KB963669,  Update for Microsoft Office PowerPoint 2007 Help (KB963669) 
KB963665,  Update for Microsoft Office Word 2007 Help (KB963665) 
KB963665,  Office Live add-in 1.4 
KB975364,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB975364) 
KB971513,  Update for Windows XP (KB971513) 
KB974561,  Update for Microsoft Office Word 2007 (KB974561) 
KB931125,  Update for Root Certificates [November 2009] (KB931125) 
KB955759,  Update for Windows XP (KB955759) 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

Edited by Nikas, 10 January 2010 - 11:16 AM.


#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:59 PM

Posted 10 January 2010 - 12:06 PM

Hi Nikas,



I have disabled my AV and then COMBOFIX detected a CD Emulator/Emulation and restarted on its own

That is normal. CD Emulator may be acting as a false positive. CF will temporarily close it. After reboot, your desktop should be empty and AV should be closed as well.



Step1

Go to Start > Run, type regedit and hit Enter. Navigate to and expand the following entry, right-click it and delete the following data, which added http://www.go2000.cn/?2.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"

Close regedit, and reboot your pc.

Step2
  • Open HiJackThis
  • Click on the button " Open the Misc Tools section"
  • Click on the Box that says "Open hosts File Manager"
  • Click on the button "Open in Notepad"
  • Copy and paste the list from the Notepad file into your post
  • If it's a large file, save it somewhere you can find it, and attach it in your next reply.
If you can't find any Hosts file there, please do the following:

Please download HostsXpert to your desktop
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • If HostsXpert alerts you that it can't find any Hosts file and needs to create a new one, please consent.
  • Click "Make Writable?" in the upper left corner.
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
After that, please rerun SystemLook and post the contents in your next reply.

In your next reply, please post back:

1.SystemLook log
2.Hosts log

Tell me if you have any remaining issues on your pc.

#13 Nikas

Nikas
  • Topic Starter

  • Members
  • 650 posts
  • OFFLINE
  • Gender:Male
  • Location:Singapore
  • Local time:02:59 AM

Posted 10 January 2010 - 09:16 PM

I will do it either on Tue or Thur.

Thanks!

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:59 PM

Posted 10 January 2010 - 09:17 PM

:(

#15 Nikas

Nikas
  • Topic Starter

  • Members
  • 650 posts
  • OFFLINE
  • Gender:Male
  • Location:Singapore
  • Local time:02:59 AM

Posted 14 January 2010 - 09:41 AM

Hi sundavis,

Sorry for the delay.

I am unable to delete that entry. It says "Unable to delete all specified values".

Below is the entries from the hosts.

218.1.25.1 dl.360safe.com
218.1.25.1 bbs.360safe.com
218.1.25.1 dl.360.cn
218.1.25.1 bbs.360.cn


Below is the SystemLook.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:39 on 14/01/2010 by Joseph Gan (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"= 0x0000000001 (1)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"= 0x0000000001 (1)
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"= 0x0000000001 (1)
"{871C5380-42A0-1069-A2EA-08002B30309D}"="0x00000000 (0)"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
"Removal Message"="@mydocs.dll,-900"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"


[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"@"="\"C:\Program Files\Internet Explorer\IEXPLORE.EXE\""
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"


[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@C:\WINDOWS\system32\ieframe.dll.mui,-881"
"LocalizedString"="@C:\WINDOWS\system32\ieframe.dll.mui,-880"
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="C:\WINDOWS\system32\ieframe.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
"ThreadingModel"="Apartment"
@="C:\WINDOWS\system32\ieframe.dll"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns]
"LegacyDisable"=""
@="Start Without Add-ons"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
"@"="Open &Home Page"
"LegacyDisable"=""
"MUIVerb"="@shdoclc.dll,-10241"
@="打开主页(&H)"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
"@"=""%programfiles%\internet explorer\iexplore.exe""
@="C:\Program Files\Internet Explorer\iexplore.exe http://www.go2000.cn/?2"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers]
(No values found)

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\ContextMenuHandlers\ieframe]
@="{871C5380-42A0-1069-A2EA-08002B30309D}"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shellex\MayChangeDefaultMenu]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"= 0x0000100024 (1048612)
"HideAsDeletePerUser"=""
"HideFolderVerbs"=""
"HideOnDesktopPerUser"=""
"WantsParseDisplayName"=""
@="C:\WINDOWS\system32\ieframe.dll,-190"


[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""


-=End Of File=-

The IE is still directed to go2000.cn.

Edited by Nikas, 14 January 2010 - 09:42 AM.
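The two indicators in this thread are both cheap to check mechanically: hosts entries that pin 360safe.com and 360.cn names to 218.1.25.1 (so the 360 security tools cannot reach their own download and forum servers), and browser launcher values under ...\shell\open\command and the IE CLSID's OpenHomePage\Command that have a URL appended after iexplore.exe, which is why every IE launch lands on go2000.cn regardless of the home-page setting. The script below is an added example, not code from the thread or from SystemLook, HijackThis or HostsXpert. It parses hosts-file text and SystemLook-style registry output and flags both patterns; the two sample inputs are constructed here, modelled on what Nikas posted, and the SECURITY_VENDOR_SUFFIXES watch-list and the browser-name pattern are assumptions for the example.

```python
"""Triage helper (added example): flag hosts-file pins on security-vendor
domains and browser launcher registry values carrying a hard-coded URL."""
import re
from ipaddress import ip_address

# Constructed sample, modelled on the hosts entries posted in this thread.
SAMPLE_HOSTS = """\
# comment line, ignored by the parser
127.0.0.1       localhost
218.1.25.1 dl.360safe.com
218.1.25.1 bbs.360safe.com
218.1.25.1 dl.360.cn
218.1.25.1 bbs.360.cn
"""

# Constructed sample in SystemLook "reg" output format.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"@"="\"C:\Program Files\Internet Explorer\IEXPLORE.EXE\""
@=""C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command]
@=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""
"""

# Assumed watch-list: names an infection typically pins in hosts to stop
# security tools from updating. Seeded from the thread; extend as needed.
SECURITY_VENDOR_SUFFIXES = (
    "360safe.com", "360.cn", "eset.com", "malwarebytes.org",
    "kaspersky.com", "symantec.com", "mcafee.com", "windowsupdate.com",
)

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')
URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)
BROWSER_RE = re.compile(r"\\(iexplore|firefox|chrome|opera)\.exe", re.IGNORECASE)


def parse_hosts(text):
    """Return [(ip, hostname)] from hosts-file text; comments and blanks skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        entries.extend((ip, name.lower()) for name in names)
    return entries


def _is_vendor_name(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)


def suspicious_hosts_entries(text):
    """Return [(ip, hostname, kind)] for entries that pin a security-vendor name.
    kind: 'sinkhole' for loopback/0.0.0.0 targets, 'redirect' for any other
    address, 'malformed' if the address field does not parse. Any pin on a
    vendor name is suspicious; a legitimate hosts file does not carry them."""
    hits = []
    for ip, name in parse_hosts(text):
        if not _is_vendor_name(name):
            continue
        try:
            addr = ip_address(ip)
        except ValueError:
            kind = "malformed"
        else:
            kind = "sinkhole" if (addr.is_loopback or addr.is_unspecified) else "redirect"
        hits.append((ip, name, kind))
    return hits


def parse_reg_dump(text):
    """Parse SystemLook/.reg-style text into {key: {value_name: data}}.
    The default value is stored under '(Default)'; a value literally named
    '@' (as in the hijacked key above) is kept separately under '@'. The
    outer quotes around string data are stripped, inner quotes left as-is."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group("default") else m.group("name")
            data = m.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]
            keys[current][name] = data
    return keys


def find_launcher_hijacks(text):
    """Return [(key, value_name, url)] for *\\command values that launch a
    browser with an absolute URL baked into the command line. A clean
    launcher carries only switches and the %1 placeholder."""
    hits = []
    for key, values in parse_reg_dump(text).items():
        if not key.lower().endswith("\\command"):
            continue
        for name, data in values.items():
            if BROWSER_RE.search(data):
                hits.extend((key, name, url) for url in URL_RE.findall(data))
    return hits


def triage(hosts_text, reg_text):
    return {"hosts": suspicious_hosts_entries(hosts_text),
            "launchers": find_launcher_hijacks(reg_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS, SAMPLE_REG)
    for ip, name, kind in report["hosts"]:
        print(f"hosts: {name} -> {ip} ({kind})")
    for key, name, url in report["launchers"]:
        print(f"launcher: [{key}] {name} appends {url}")
```

Run it against the real files by reading C:\WINDOWS\system32\drivers\etc\hosts and a saved SystemLook log instead of the two constructed samples. Two points the thread illustrates: a vendor name pinned to 127.0.0.1 is just as much a block as one pinned to a remote address, so the check keys on the name rather than the target; and the "Unable to delete all specified values" error Nikas hit in regedit means the value is being protected, so detection of the launcher hijack is the easy half and the key's permissions or whatever re-writes it have to be dealt with before the value will stay deleted. This script only detects; it changes nothing.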




