Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

TR/Crypt.ZPACK.GEN, TR/Trash.GEN,TR/Dropper.Gen and fake svchost.exe multiple Trojen keep popping up.

Started by woodwind , Feb 25 2010 06:48 AM

  • This topic is locked This topic is locked
13 replies to this topic

#1 woodwind

woodwind

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 25 February 2010 - 06:48 AM


Hi,

IT started with fake svchost.exe containing TR/Crypt.ZPACK.GEN keep causing my Antivirus to pop up asking for instruction, but seem that the Antivirus cannot delete or remove it. It just keep popping up. Not there seem to be more other Trojan keep appearing (TR/Trash.GEN TR/Dropper.Gen etc). I am trying to following the guide to prepare the necessary information to submit here for help, but Gmer.exe is not successful it just keep hanging after the scan. I had tried running Gmer.exe for 3 times (everytime it take over 5 hours for scanning), but it just hang after the scan finish. I just cannot get to save the log. So I am attached the hijackthis log instate. Hope some one can help me to solve my problem. Thanks in advance.

Regards,

Dave

Following are the Log as requested except for the Gmer.exe log :




DDS (Ver_09-12-01.01) - NTFSx86
Run by Soon Hin at 18:52:57.59 on Thu 02/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1089 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\Software Update\mumservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\EnGenius\Common\RaUI.exe
C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\EnGenius\Common\RegistryWriter.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Camfrog Video Chat\Camfrog Video Chat.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Soon Hin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mDefault_Page_URL = hxxp://sg.yahoo.com
mDefault_Search_URL = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mStart Page = hxxp://sg.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Flashget Catch Url Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Vbuzzer Messenger] c:\program files\vbuzzer\VBuzzer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] "c:\program files\asus\splendid\ACMON.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [Rapget] c:\downloads\rapget 1.41\rapget141\rapget.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\soonhi~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\engeni~1.lnk - c:\program files\engenius\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcigw-~1.lnk - c:\program files\broad lanner wave\gw-us54gxs\GW-US54GXS.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: singpass-services.gov.sg\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxps://www4.snapfish.com.sg/SnapfishActivia.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.com.sg/SnapfishActivia2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli psqlpwd
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\soonhi~1\applic~1\mozilla\firefox\profiles\ubcxzo4g.default\
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-22 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-22 56816]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-12-16 38144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-15 236368]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\engenius\common\RegistryWriter.exe [2009-12-14 69632]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-15 19160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-5 39072]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 12872]
S2 gupdate1c9fcc2148b8474;Google Update Service (gupdate1c9fcc2148b8474);c:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]
S2 marjotcqclxa;\??\c:\windo;\??\c:\windows\temp\zkuhfxikvkozcbu.sys --> c:\windows\temp\zkuhfxikvkozcbu.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-17 1691480]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\f:\i386\asprocob.sys --> f:\i386\AsProcOb.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2009-2-18 20608]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-21 42112]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-14 627072]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-12-11 332928]
S3 ZD1211BU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.);c:\windows\system32\drivers\ZD1211BU.sys [2009-2-18 450560]

=============== Created Last 30 ================

2010-02-25 06:02:42 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 06:02:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-25 01:03:17 0 d-----w- c:\program files\Enigma Software Group
2010-02-24 05:14:48 20 ----a-w- c:\windows\system32\crt.dat
2010-02-23 04:04:01 0 d-----w- c:\windows\ERUNT
2010-02-22 12:49:25 0 d-----w- c:\docume~1\soonhi~1\applic~1\IObit
2010-02-22 12:49:23 0 d-----w- c:\program files\IObit
2010-02-22 07:45:14 0 ----a-w- c:\documents and settings\soon hin\defogger_reenable
2010-02-22 02:54:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-22 02:54:35 0 d-----w- c:\program files\Avira
2010-02-22 02:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-02-21 07:04:09 0 d-----w- c:\program files\Super Internet TV
2010-02-19 12:37:17 0 d-----w- c:\program files\WSGConnect
2010-02-05 01:14:25 2000880 ----a-w- c:\windows\system32\GooglePinyin2.ime
2010-01-28 16:30:54 585728 ----a-w- c:\windows\system32\bsratswf.dll
2010-01-28 16:30:54 147456 ----a-w- c:\windows\system32\bsratwmv.dll

==================== Find3M ====================

2010-02-22 23:10:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-08 10:45:16 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-08 10:45:16 358944 ----a-w- c:\windows\vncutil.exe
2010-02-08 10:45:16 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-08 10:45:12 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-08 10:45:12 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-08 10:45:06 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-08 10:45:04 18790432 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-08 10:45:04 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-08 10:44:58 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-08 10:44:52 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-08 10:44:52 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-08 10:15:44 5860384 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-01 08:14:54 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-28 16:31:07 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-01-07 08:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 11:20:05 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2009-12-19 13:35:20 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 00:51:37 537365896 ----a-w- C:\VMWSV7.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 05:36:24 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-05-01 14:52:54 28464 ----a-w- c:\windows\inf\vmnetBridge.sys
2007-05-01 14:51:04 50992 ----a-r- c:\windows\inf\vmnetBridge.dll
2007-05-01 14:51:02 30768 ----a-r- c:\windows\inf\vmusb.sys
2007-05-01 14:51:02 17712 ----a-r- c:\windows\inf\vmnet.sys
2007-05-01 14:51:02 16816 ----a-r- c:\windows\inf\vmnetAdapter.sys
2007-05-01 14:51:02 13104 ----a-r- c:\windows\inf\vnetinst.dll

============= FINISH: 18:57:51.53 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2008 1:15:50 PM
System Uptime: 2/25/2010 4:56:24 PM (2 hours ago)

Motherboard: ASUSTeK Computer Inc. | | N10Jc
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 38.28 GiB free.
D: is FIXED (NTFS) - 138 GiB total, 116.374 GiB free.
E: is FIXED (NTFS) - 82 GiB total, 31.788 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP276: 11/25/2009 1:12:45 PM - Software Distribution Service 3.0
RP277: 11/27/2009 8:37:39 AM - System Checkpoint
RP278: 11/29/2009 1:49:23 AM - System Checkpoint
RP279: 12/1/2009 11:34:16 AM - System Checkpoint
RP280: 12/2/2009 5:14:33 PM - System Checkpoint
RP281: 12/3/2009 9:12:47 PM - System Checkpoint
RP282: 12/5/2009 6:15:50 AM - System Checkpoint
RP283: 12/7/2009 11:25:37 AM - System Checkpoint
RP284: 12/8/2009 4:43:53 PM - System Checkpoint
RP285: 12/9/2009 2:00:33 PM - Software Distribution Service 3.0
RP286: 12/10/2009 7:27:36 PM - System Checkpoint
RP287: 12/11/2009 8:44:47 PM - System Checkpoint
RP288: 12/11/2009 11:13:11 PM - Installed REALTEK USB Wireless LAN Driver and Utility
RP289: 12/12/2009 12:11:58 AM - Removed REALTEK USB Wireless LAN Driver and Utility
RP290: 12/12/2009 12:49:36 AM - Installed REALTEK RTL8187 Wireless LAN Driver and Utility
RP291: 12/13/2009 1:23:37 AM - Installed REALTEK RTL8187 Wireless LAN Driver and Utility
RP292: 12/13/2009 4:50:48 PM - Installed HP USB Disk Storage Format Tool
RP293: 12/14/2009 1:32:00 PM - Installed EnGenius Wireless LAN
RP294: 12/14/2009 5:46:09 PM - Removed PCI GW-US54GXS 54Mbps WLAN USB Adapter
RP295: 12/14/2009 5:47:23 PM - Installed PCI GW-US54GXS 54Mbps WLAN USB Adapter
RP296: 12/14/2009 5:49:46 PM - Unsigned driver install
RP297: 12/15/2009 3:41:43 PM - Avg8 Update
RP298: 12/15/2009 3:42:31 PM - Avg8 Update
RP299: 12/16/2009 1:49:50 PM - Installed REALTEK RTL8187 Wireless LAN Driver and Utility
RP300: 12/18/2009 8:58:11 AM - Unsigned driver install
RP301: 12/20/2009 8:45:06 PM - System Checkpoint
RP302: 12/23/2009 8:07:16 PM - System Checkpoint
RP303: 12/28/2009 8:05:34 PM - System Checkpoint
RP304: 12/30/2009 12:40:01 AM - System Checkpoint
RP305: 12/31/2009 1:43:20 AM - System Checkpoint
RP306: 1/2/2010 6:12:51 PM - System Checkpoint
RP307: 1/7/2010 9:07:26 AM - System Checkpoint
RP308: 1/8/2010 10:58:58 PM - System Checkpoint
RP309: 1/12/2010 11:33:25 PM - System Checkpoint
RP310: 1/12/2010 11:48:08 PM - Avg8 Update
RP311: 1/13/2010 2:00:26 PM - Software Distribution Service 3.0
RP312: 1/18/2010 8:04:04 PM - System Checkpoint
RP313: 1/20/2010 2:00:20 PM - Software Distribution Service 3.0
RP314: 1/22/2010 2:00:21 PM - Software Distribution Service 3.0
RP315: 2/2/2010 10:06:39 AM - System Checkpoint
RP316: 2/5/2010 7:44:09 AM - Avg8 Update
RP317: 2/12/2010 12:57:23 AM - Software Distribution Service 3.0
RP318: 2/13/2010 12:43:35 AM - Software Distribution Service 3.0
RP319: 2/17/2010 11:19:12 AM - Removed Realtek High Definition Audio Driver
RP320: 2/17/2010 12:57:43 PM - Installed Realtek High Definition Audio Driver
RP321: 2/19/2010 11:28:11 AM - System Checkpoint
RP322: 2/22/2010 10:53:16 AM - Avira AntiVir Personal - 2/22/2010 10:53
RP323: 2/22/2010 11:17:26 AM - Removed AVG Free 8.5
RP324: 2/22/2010 11:20:29 AM - Installed AVG Free 8.5
RP325: 2/22/2010 10:43:16 PM - Software Distribution Service 3.0
RP326: 2/24/2010 10:16:25 AM - Software Distribution Service 3.0

==== Installed Programs ======================

??????? 2.2
32 Bit HP CIO Components Installer
AAC Decoder
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.3.1 - CPSID_50570
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Advanced RAR Repair v1.2
Apple Mobile Device Support
Apple Software Update
ASUS Live Update
ASUS MultiFrame
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WL-330gE Wireless AP
ASUS Zoom In
ASUS_Notebook_N10 Screen Saver
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
BPD_Scan
BroadBand on Mobile
BSR Screen Recorder 4
Camfrog Video Chat 5.4
Canon iP1800 series
Connection Manager
Critical Update for Windows Media Player 11 (KB959772)
CyberLink DVD Suite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
eMule
EnGenius EnGenius 11n Wireless USB Adapter
ERUNT 1.1j
Eudora
Express Gate
ffdshow (remove only)
FlashGet(Jetcar) 1.80
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Drive Key Boot Utility
HP Officejet J3500 Series
HP USB Disk Storage Format Tool
ImgBurn
iTunes
Java™ 6 Update 17
Junk Mail filter update
LabelPrint
LifeFrame2
LightScribe System Software 1.12.37.1
Loki ActiveX Control
Malwarebytes' Anti-Malware
MediaShow
MFM-Garmin 100118
MFM v1.74
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mobile Partner
Motorola Software Update
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Multimedia Card Reader
NB Probe
Nero OEM
Nokia Connectivity Cable Driver
Nokia Download!
Nokia Lifeblog 2.5
Nokia Map Loader
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PCI GW-US54GXS 54Mbps WLAN USB Adapter
PhotoNow!
Power2Go
Power4 Gear
PowerDirector
PowerDVD
PowerProducer
Protector Suite QL 5.8
QuickTime
RAR Repair Tool v.4.0.1
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK RTL8187 Wireless LAN Driver and Utility
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Samsung Mobile USB Modem Software
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SingTel Wireless Connection Manager
Skype web features
Skype™ 4.1
Smart Defrag
Spybot - Search & Destroy
Super Internet TV v8.0 (Premium Edition)
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 1.3M UVC WebCam
v1.61u
VC80CRTRedist - 8.0.50727.4053
VMware Workstation
WBFS Manager 3.0
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinFlash
WinImage
WinRAR archiver
Wireless Console 2
Wireless@SG SingTel (1.0.0.0)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/25/2010 8:32:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Authorization Service service to connect.
2/25/2010 8:32:03 AM, error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2010 1:17:35 AM, error: Dhcp [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 00224352567F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
2/24/2010 3:01:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
2/24/2010 12:05:00 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{BB5914CC-698A-4B78-AAB8-BD1394F615BE} because another computer on the network has the same name. The server could not start.
2/23/2010 8:15:50 AM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
2/22/2010 2:53:24 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/22/2010 10:11:06 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
2/22/2010 10:09:37 AM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 10047 (0x273F).
2/22/2010 10:08:32 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/22/2010 10:08:32 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2/19/2010 8:21:00 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00224352567F has been denied by the DHCP server 127.133.31.254 (The DHCP Server sent a DHCPNACK message).
2/19/2010 7:43:32 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
2/19/2010 7:42:09 AM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.

==== End Of File ===========================


HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:09 PM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\Software Update\mumservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EnGenius\Common\RaUI.exe
C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\EnGenius\Common\RegistryWriter.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Camfrog Video Chat\Camfrog Video Chat.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Downloads\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Rapget] C:\Downloads\RapGet 1.41\rapget141\rapget.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EnGenius Wireless Utility.lnk = C:\Program Files\EnGenius\Common\RaUI.exe
O4 - Global Startup: PCI GW-US54GXS Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://www4.snapfish.com.sg/SnapfishActivia.cab
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www4.snapfish.com.sg/SnapfishActivia2.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9fcc2148b8474) (gupdate1c9fcc2148b8474) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\EnGenius\Common\RegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 18175 bytes


BC AdBot (Login to Remove)

 

#2 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 25 February 2010 - 07:38 PM

Hi

Wonder any Guru able to help me get this problems solved? Greatly appreciated.

Thanks in Advance.

Regards,


Dave

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our Malware Removal Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Removal Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Pandy~
Forum Moderator

Edited by Pandy, 26 February 2010 - 01:32 AM.

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 27 February 2010 - 05:02 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

unite.jpg

#4 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 28 February 2010 - 12:15 AM


Hi Syler,

Thank you very much for attending to my problems, greatly appreciate you kind help and assistant.

Following is the OTL and Extra Report you had asked for :

OTL logfile created on: 2/28/2010 12:54:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Soon Hin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 38.13 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive D: | 137.89 Gb Total Space | 113.12 Gb Free Space | 82.03% Space Free | Partition Type: NTFS
Drive E: | 82.07 Gb Total Space | 31.88 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOON-251939208E
Current User Name: Soon Hin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
PRC - [2010/02/19 07:43:28 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/08 18:45:04 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2010/02/05 09:14:25 | 001,193,456 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2010/02/05 09:14:25 | 000,761,840 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/18 21:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/26 10:20:02 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/10/22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/16 22:54:05 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/02 16:11:02 | 000,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 000,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/25 10:07:44 | 000,996,608 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Software Update\mumservice.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/04 16:57:42 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/05 15:36:25 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe
PRC - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/12 14:01:56 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/09/05 11:39:28 | 001,642,496 | ---- | M] (EnGenius Technologies.) -- C:\Program Files\EnGenius\Common\RaUI.exe
PRC - [2008/08/04 19:20:10 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/07/26 07:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/07/21 04:33:42 | 000,450,649 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2008/07/21 04:33:24 | 000,467,029 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/06/23 20:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/19 11:17:00 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/05/30 16:53:48 | 000,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\EnGenius\Common\RegistryWriter.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/02/01 14:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 10:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/01/15 17:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/01/11 22:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007/12/03 15:40:24 | 000,815,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/08/02 19:41:52 | 002,760,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/13 17:53:34 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/07/05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/09 10:25:29 | 000,272,024 | R--- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/12 18:55:00 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/08/10 22:16:22 | 000,499,712 | ---- | M] (PLANEX COMMUNICATIONS INC.) -- C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
PRC - [2006/07/26 18:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
MOD - [2009/09/16 22:55:32 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 21:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/12/16 15:07:53 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2006/12/02 02:51:44 | 000,032,768 | ---- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll
MOD - [2006/07/11 18:35:42 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/05 00:11:07 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9fcc2148b8474) Google Update Service (gupdate1c9fcc2148b8474)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/02 16:10:56 | 000,656,168 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/16 14:33:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/26 07:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/07/21 04:33:24 | 000,467,029 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/05/30 16:53:48 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\EnGenius\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/14 20:00:00 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/03/17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/09 10:25:29 | 000,272,024 | R--- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/02 17:27:38 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/23 08:16:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/19 07:43:28 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 07:43:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 07:43:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/08 18:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/14 13:36:29 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/22 05:00:50 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 00:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/06/03 22:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/26 15:23:46 | 000,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 16:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/07 00:37:28 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/28 16:52:36 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 07:31:00 | 006,597,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/27 09:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008/06/26 04:05:08 | 000,039,072 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/06/20 19:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/09 16:45:08 | 001,748,352 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/05/30 16:44:49 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/05/30 16:44:49 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/14 20:00:00 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/14 20:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 20:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/14 20:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 20:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 20:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/14 00:15:40 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/07 14:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/08 08:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 16:15:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2008/01/30 16:15:19 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2008/01/30 04:45:38 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/01/03 07:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/10/09 13:13:00 | 000,038,144 | ---- | M] (Realtek) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2007/08/24 11:46:48 | 000,005,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/08/03 12:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/24 18:08:40 | 000,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/12/03 22:32:53 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/03 22:32:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/12/03 22:32:36 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/12 18:28:00 | 000,198,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/27 14:32:00 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(PLANEX COMMUNICATIONS INC.)) PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/01/07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/05/27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/
IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\S-1-5-21-790525478-2000478354-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\S-1-5-21-790525478-2000478354-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.7
FF - prefs.js..keyword.URL: "http://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/15 21:20:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009/12/08 09:20:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 09:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 09:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/16 22:55:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/26 16:11:19 | 000,000,000 | ---D | M]

[2008/12/16 14:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Extensions
[2010/02/26 10:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Firefox\Profiles\ubcxzo4g.default\extensions
[2009/12/21 00:42:20 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Firefox\Profiles\ubcxzo4g.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2010/02/26 10:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/25 16:09:47 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rapget] C:\Downloads\RapGet 1.41\rapget141\rapget.exe File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EnGenius Wireless Utility.lnk = C:\Program Files\EnGenius\Common\RaUI.exe (EnGenius Technologies.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCI GW-US54GXS Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe (PLANEX COMMUNICATIONS INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Soon Hin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..Trusted Domains: singpass-services.gov.sg ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} https://www4.snapfish.com.sg/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} http://www4.snapfish.com.sg/SnapfishActivia2.cab (Snapfish Activia2)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/05 13:12:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d459f8c-31b7-11de-951b-002215f748a6}\Shell\AutoRun\command - "" = F:\svchost.exe -- File not found
O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7a08b957-b654-11de-96f2-00224352567f}\Shell\AutoRun\command - "" = I:\svchost.exe -- File not found
O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell - "" = AutoRun
O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cfd56d35-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun\command - "" = H:\svchost.exe -- File not found
O33 - MountPoints2\{db935915-96f2-11de-9690-00224352567f}\Shell\AutoRun\command - "" = G:\2nuk.com -- File not found
O33 - MountPoints2\{db935915-96f2-11de-9690-00224352567f}\Shell\open\Command - "" = G:\2nuk.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 04:49:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 12:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/02/25 22:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/25 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/25 22:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/25 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/25 21:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/25 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Comm
[2010/02/25 15:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\ASUS
[2010/02/25 14:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/25 14:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/25 12:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\2-25-2010
[2010/02/25 12:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/25 09:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/25 02:00:11 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
[2010/02/23 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Application Data\WinRAR
[2010/02/23 12:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/23 11:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\SDFix
[2010/02/22 21:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Data
[2010/02/22 21:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Antivirus
[2010/02/22 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\PC report
[2010/02/22 20:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Application Data\IObit
[2010/02/22 20:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/22 11:20:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/22 11:20:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/22 11:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/22 10:54:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/22 10:54:39 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/22 10:54:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/22 10:54:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/22 10:54:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/22 10:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/22 10:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/21 21:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/21 15:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Super Internet TV
[2010/02/21 15:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Super Internet TV
[2010/02/19 20:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\WSGConnect
[2010/02/17 12:57:58 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/02/17 12:57:58 | 000,887,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/02/17 12:57:58 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/17 12:57:58 | 000,084,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/17 12:57:57 | 001,489,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/02/17 12:57:56 | 009,721,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/02/17 12:57:54 | 005,860,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/02/17 12:57:53 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/17 12:57:53 | 000,051,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/02/17 12:57:51 | 018,790,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/02/17 12:57:50 | 002,177,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/02/17 12:57:50 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010/02/17 12:57:45 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/17 12:57:45 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/02/17 12:57:45 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/17 12:57:44 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/02/17 12:57:29 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/02/05 09:14:25 | 002,000,880 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GooglePinyin2.ime
[2009/11/01 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2009/11/01 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/07/05 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/05 00:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/20 11:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/05 15:09:51 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/02/28 12:51:15 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8480F015-1646-4E8C-9042-40122F42ED89}.job
[2010/02/28 12:47:55 | 000,189,747 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/28 12:47:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 12:47:48 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/28 12:47:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 12:47:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 12:43:30 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Soon Hin\ntuser.dat
[2010/02/28 12:43:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Soon Hin\ntuser.ini
[2010/02/28 00:18:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 12:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/25 23:02:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2010/02/25 22:26:33 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 17:02:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/25 16:09:47 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/02/25 12:13:43 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\NTREGOPT.lnk
[2010/02/25 08:30:46 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
[2010/02/24 17:57:33 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/24 15:22:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/02/24 15:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/02/23 11:42:14 | 000,014,258 | ---- | M] () -- C:\Documents and Settings\Soon Hin\My Documents\SDfix.pdf
[2010/02/23 08:16:30 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/22 20:49:31 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/02/22 15:47:02 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\dds.scr
[2010/02/22 15:45:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Soon Hin\defogger_reenable
[2010/02/21 15:04:24 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\Super Internet TV.lnk
[2010/02/17 11:14:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/13 00:44:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 18:45:16 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/02/08 18:45:16 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/08 18:45:16 | 000,084,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/08 18:45:12 | 009,721,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/02/08 18:45:12 | 001,489,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/02/08 18:45:12 | 000,887,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/02/08 18:45:06 | 000,051,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/02/08 18:45:04 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/02/08 18:45:04 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/08 18:44:58 | 002,177,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/02/08 18:44:52 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/08 18:44:52 | 000,285,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/08 18:44:52 | 000,064,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/02/08 18:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/02/05 09:14:25 | 002,000,880 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GooglePinyin2.ime
[2010/02/01 16:14:54 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/01/30 15:25:12 | 003,231,102 | -H-- | M] () -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2010/02/25 18:52:19 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\dds.scr
[2010/02/25 12:13:43 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\NTREGOPT.lnk
[2010/02/24 13:14:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010/02/23 11:42:14 | 000,014,258 | ---- | C] () -- C:\Documents and Settings\Soon Hin\My Documents\SDfix.pdf
[2010/02/22 20:49:31 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/02/22 15:53:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\gmer.exe
[2010/02/22 15:45:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Soon Hin\defogger_reenable
[2010/02/21 15:04:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\Super Internet TV.lnk
[2010/02/21 15:03:46 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/02/21 15:03:45 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/01/29 00:30:54 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2010/01/29 00:30:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/12/19 21:35:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009/11/05 13:06:55 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/10/20 10:14:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Application Data\$_hpcst$.hpc
[2009/09/16 22:59:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/21 02:59:25 | 000,339,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/27 23:38:48 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009/06/25 11:07:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/25 00:28:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/20 21:42:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 08:23:07 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2009/02/18 09:52:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/02/18 09:52:58 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/01/11 18:18:57 | 000,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/01/10 23:11:57 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/31 17:04:42 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/28 17:25:29 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 13:23:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/05 16:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/05 15:28:14 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/12/05 15:26:23 | 001,748,352 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/12/05 15:26:23 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/12/05 14:59:48 | 000,005,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008/07/26 07:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/26 07:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/26 07:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/26 07:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/07 14:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll
[2007/06/21 10:49:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/03/18 18:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 18:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 18:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 18:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2009/12/16 08:51:37 | 537,365,896 | ---- | M] (VMware, Inc.) -- C:\VMWSV7.exe


< MD5 for: AGP440.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 20:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 20:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >

OTL Extras logfile created on: 2/28/2010 12:54:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Soon Hin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 38.13 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive D: | 137.89 Gb Total Space | 113.12 Gb Free Space | 82.03% Space Free | Partition Type: NTFS
Drive E: | 82.07 Gb Total Space | 31.88 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOON-251939208E
Current User Name: Soon Hin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Program Files\Motorola\Software Update\mumapp.exe" = C:\Program Files\Motorola\Software Update\mumapp.exe:*:Enabled:mumapp -- ()
"C:\Program Files\ASUS\WL-330gE Wireless AP Utilities\Discovery.exe" = C:\Program Files\ASUS\WL-330gE Wireless AP Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application -- (ASUSTeK COMPUTER INC.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\vbuzzer\VBuzzer.exe" = C:\Program Files\vbuzzer\VBuzzer.exe:*:Enabled:VBuzzer Messenger -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"D:\Camfrog Video Chat\Camfrog Video Chat.exe" = D:\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module -- (Camshare LC)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10A8358B-78A0-463B-9291-E66AD02946EB}" = PCI GW-US54GXS 54Mbps WLAN USB Adapter
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1268E742-C02A-489F-A8A3-BAE48FCED6E9}" = Connection Manager
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5992416F-A35D-42AE-8C30-DA77ABE4A0B9}" = ASUS Zoom In
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79895CF2-DC9B-42F9-96BC-4BD9C01D3DE5}" = Eudora
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82E16F2D-804A-4990-BEEF-C9DB44AE844B}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8852753D-9E27-41F6-9A20-1D4E02B013FC}" = Nokia Download!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BAC9CCE-A0F6-4A05-A8B2-1FE2F4D3E44C}" = ASUS WL-330gE Wireless AP
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = EnGenius EnGenius 11n Wireless USB Adapter
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A620E308-2124-4A35-BA95-F1CAEF538CB9}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B311BDA3-CFA5-48b3-8483-96609A1CC6BB}" = HP Officejet J3500 Series
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE155C7A-E4B9-4D98-ADB2-BC4CFFB2A12C}" = Motorola Software Update
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"ASUS_Notebook_N10" = ASUS_Notebook_N10 Screen Saver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BroadBand on Mobile" = BroadBand on Mobile
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"Camfrog 5.4" = Camfrog Video Chat 5.4
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ffdshow" = ffdshow (remove only)
"FlashGet(Jetcar) 1.80" = FlashGet(Jetcar) 1.80
"Free Indonesia Map_is1" = v1.61u
"Google Chrome" = Google Chrome
"GooglePinyin2" = 谷歌拼音输入法 2.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{A620E308-2124-4A35-BA95-F1CAEF538CB9}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Loki ActiveX Control" = Loki ActiveX Control
"Malfreemaps Garmin Map_is1" = MFM-Garmin 100118
"Malfreemaps MY/SG/BN Map_is1" = MFM v1.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RAR Repair Tool_is1" = RAR Repair Tool v.4.0.1
"RealPlayer 12.0" = RealPlayer
"Samsung Mobile USB Modem" = Samsung Mobile USB Modem Software
"SingTelWCM Wireless Connection Client" = SingTel Wireless Connection Manager
"Smart Defrag_is1" = Smart Defrag
"Super Internet TV (Premium Edition)_is1" = Super Internet TV v8.0 (Premium Edition)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VMware_Workstation" = VMware Workstation
"WBFS Manager 3.0" = WBFS Manager 3.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wireless@SG SingTel" = Wireless@SG SingTel (1.0.0.0)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2010 12:38:33 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:38:33 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:45:25 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:45:25 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:45:25 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:45:26 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:47:48 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:47:48 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:47:48 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/28/2010 12:47:48 AM | Computer Name = SOON-251939208E | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 2/28/2010 12:43:28 AM | Computer Name = SOON-251939208E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/28/2010 12:45:18 AM | Computer Name = SOON-251939208E | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/28/2010 12:45:18 AM | Computer Name = SOON-251939208E | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/28/2010 12:47:41 AM | Computer Name = SOON-251939208E | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/28/2010 12:47:41 AM | Computer Name = SOON-251939208E | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/28/2010 12:50:25 AM | Computer Name = SOON-251939208E | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 2/28/2010 12:51:23 AM | Computer Name = SOON-251939208E | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 2/28/2010 12:54:32 AM | Computer Name = SOON-251939208E | Source = Service Control Manager | ID = 7028
Description = The agisr Registry key denied access to SYSTEM account programs so
the Service Control Manager took ownership of the Registry key.

Error - 2/28/2010 12:54:33 AM | Computer Name = SOON-251939208E | Source = Service Control Manager | ID = 7028
Description = The agisr Registry key denied access to SYSTEM account programs so
the Service Control Manager took ownership of the Registry key.

Error - 2/28/2010 12:54:33 AM | Computer Name = SOON-251939208E | Source = Service Control Manager | ID = 7028
Description = The agisr Registry key denied access to SYSTEM account programs so
the Service Control Manager took ownership of the Registry key.


< End of report >

Awaiting your next reply.

Regards,

Dave

#5 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 28 February 2010 - 11:36 AM

Hi Syler,

I did have problem starting up my laptop, it take a long time to finish booting up, Giving me an impression that it had hanged. I try a few time it just stop workin after boting up to Desktop, mouse will not move at all so I shut down eventual. But this morning I start up again and left it to boot for about 30 minutes. When I am back the laptop can be operate again, I believe something had slow down the boot up which make me mistaken the laptop had hanged. I hope you can help me to solved this problems.

Thanks and regards,


Dave

Edited by woodwind, 28 February 2010 - 08:05 PM.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 01 March 2010 - 01:48 AM

Hi Dave,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg

#7 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 01 March 2010 - 08:00 AM


Hi Syler,

Below please find the Combofix Log as you had requested :

ComboFix 10-02-28.03 - Soon Hin 03/01/2010 20:36:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1629 [GMT 8:00]
Running from: c:\documents and settings\Soon Hin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\crt.dat

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 06:20 . 2010-03-01 06:20 -------- d-----w- c:\documents and settings\Soon Hin\Local Settings\Application Data\Nokia
2010-03-01 06:19 . 2010-03-01 06:19 -------- d-----w- c:\documents and settings\Soon Hin\Local Settings\Application Data\NokiaAccount
2010-03-01 05:16 . 2010-03-01 05:16 -------- d-----w- c:\program files\ESET
2010-02-25 13:34 . 2010-02-25 13:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-25 06:02 . 2010-02-25 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 06:02 . 2010-02-25 06:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 04:13 . 2010-02-25 04:13 -------- d-----w- c:\program files\ERUNT
2010-02-25 01:03 . 2010-02-25 01:03 -------- d-----w- c:\program files\Enigma Software Group
2010-02-23 04:04 . 2010-02-23 04:04 -------- d-----w- c:\windows\ERUNT
2010-02-22 12:49 . 2010-02-22 12:49 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\IObit
2010-02-22 12:49 . 2010-02-22 12:49 -------- d-----w- c:\program files\IObit
2010-02-22 02:54 . 2010-02-23 00:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-22 02:54 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-22 02:54 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-22 02:54 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-22 02:54 . 2010-02-22 02:54 -------- d-----w- c:\program files\Avira
2010-02-22 02:54 . 2010-02-22 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-21 07:04 . 2010-02-21 07:08 -------- d-----w- c:\documents and settings\Soon Hin\Local Settings\Application Data\Super Internet TV
2010-02-19 12:37 . 2010-02-19 12:37 -------- d-----w- c:\program files\WSGConnect

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 12:33 . 2008-12-18 11:16 -------- d-----w- c:\program files\FlashGet
2010-03-01 08:16 . 2009-03-20 00:12 117760 ----a-w- c:\documents and settings\Soon Hin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 07:22 . 2009-01-11 16:24 -------- d-----w- c:\program files\Google
2010-03-01 07:11 . 2009-12-11 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-03-01 06:55 . 2009-03-18 07:03 -------- d-----w- c:\program files\ffdshow
2010-03-01 06:51 . 2008-12-13 08:31 -------- d-----w- c:\program files\Nokia
2010-03-01 06:36 . 2009-01-19 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-01 06:36 . 2008-12-14 09:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-28 23:57 . 2009-12-16 03:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-02-24 10:06 . 2009-02-20 04:30 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\Skype
2010-02-24 09:51 . 2009-02-20 04:30 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\skypePM
2010-02-23 03:17 . 2009-08-26 13:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-22 23:10 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-18 23:43 . 2008-12-17 23:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-05 01:14 . 2010-02-05 01:14 2217968 ----a-w- c:\documents and settings\Soon Hin\Application Data\Google\Google Pinyin 2\pinyin-2.2.11.69\GooglePinyinUpdater.exe
2010-02-01 08:14 . 2010-02-17 04:57 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-28 16:31 . 2009-07-24 17:04 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-01-28 16:31 . 2009-07-24 17:02 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-01-28 16:30 . 2010-01-28 16:30 585728 ----a-w- c:\windows\system32\bsratswf.dll
2010-01-28 16:30 . 2010-01-28 16:30 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2010-01-27 16:08 . 2010-01-09 07:44 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\Camfrog
2010-01-23 11:38 . 2009-12-15 03:55 -------- d-----w- c:\program files\eMule
2010-01-22 11:00 . 2009-03-18 03:23 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\GARMIN
2010-01-21 15:18 . 2009-08-20 18:59 339672 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-20 12:48 . 2009-03-09 01:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 04:07 . 2010-01-15 04:07 -------- d-----w- c:\documents and settings\Soon Hin\Application Data\Malwarebytes
2010-01-15 04:07 . 2010-01-15 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 04:07 . 2010-01-15 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 15:46 . 2009-12-21 13:57 52224 ----a-w- c:\documents and settings\Soon Hin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 08:07 . 2010-01-15 04:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2010-01-15 04:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-08-30 01:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 11:20 . 2010-01-26 08:12 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2009-12-19 13:35 . 2009-12-19 13:35 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-12-16 18:43 . 2008-12-05 05:07 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 00:51 . 2009-12-16 01:25 537365896 ----a-w- C:\VMWSV7.exe
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 05:36 . 2009-12-11 15:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-14 05:36 . 2009-12-14 05:32 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-12-10 08:06 . 2008-12-24 18:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-08 19:26 . 2008-04-14 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 01:20 . 2009-12-08 01:20 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-08 01:20 . 2009-12-08 01:20 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-08 01:20 . 2009-12-08 01:20 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-08 01:20 . 2009-12-08 01:20 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-08 01:20 . 2009-12-08 01:20 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-08 01:20 . 2009-12-08 01:20 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-08 01:12 . 2009-12-08 01:12 94628904 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_PCS_Update.exe
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 03:47 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 03:47 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13541376]
"nwiz"="nwiz.exe" [2008-07-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 86016]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-08-04 217088]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 49928]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-20 450649]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-01-15 851968]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-12-05 3054136]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-03-25 996608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-16 198160]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-02-05 1193456]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-09-12 1453568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-08 18790432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Soon Hin\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
EnGenius Wireless Utility.lnk - c:\program files\EnGenius\Common\RaUI.exe [2009-12-14 1642496]
PCI GW-US54GXS Utility.lnk - c:\program files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe [2009-12-14 499712]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe [2009-12-16 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 23:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-19 03:34 96008 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 10:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-21 17:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2009-02-22 19:15 5668864 ----a-w- c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-02-22 03:19 62760 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 09:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 21:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-02 11:09 87336 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Motorola\\Software Update\\mumapp.exe"=
"c:\\Program Files\\ASUS\\WL-330gE Wireless AP Utilities\\Discovery.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/19/2008 11:34 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/19/2008 11:34 PM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/22/2010 10:54 AM 108289]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [11/26/2008 10:36 AM 323584]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/16/2009 1:50 PM 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/15/2010 12:07 PM 236368]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\EnGenius\Common\RegistryWriter.exe [12/14/2009 1:32 PM 69632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/15/2010 12:07 PM 19160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/5/2008 2:46 PM 39072]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/19/2008 11:34 PM 12872]
S2 agisr;\??\C;\??\c:\windows\TEMP\sneikhvqmyhcz.sys --> c:\windows\TEMP\sneikhvqmyhcz.sys [?]
S2 gupdate1c9fcc2148b8474;Google Update Service (gupdate1c9fcc2148b8474);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2009 12:11 AM 133104]
S2 marjotcqclxa;\??\c:\windo;\??\c:\windows\TEMP\zkuhfxikvkozcbu.sys --> c:\windows\TEMP\zkuhfxikvkozcbu.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/17/2010 12:57 PM 1691480]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\f:\i386\AsProcOb.sys --> f:\i386\AsProcOb.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2/18/2009 9:53 AM 20608]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 2:00 PM 6656]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [5/21/2009 12:53 AM 42112]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2009 1:32 PM 627072]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/11/2009 7:02 PM 332928]
S3 ZD1211BU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.);c:\windows\system32\drivers\ZD1211BU.sys [2/18/2009 9:53 AM 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 09:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 16:11]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 16:11]

2010-02-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 09:04]

2010-03-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 09:04]

2010-02-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-22 05:48]

2010-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8480F015-1646-4E8C-9042-40122F42ED89}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://sg.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: singpass-services.gov.sg\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.com.sg/SnapfishActivia2.cab
FF - ProfilePath - c:\documents and settings\Soon Hin\Application Data\Mozilla\Firefox\Profiles\ubcxzo4g.default\
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-Vbuzzer Messenger - c:\program files\vbuzzer\VBuzzer.exe
HKLM-Run-Rapget - c:\downloads\RapGet 1.41\rapget141\rapget.exe
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
AddRemove-SingTelWCM Wireless Connection Client - c:\program files\SingTelWCM\WCMuninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-2000478354-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A39A4F-5BAD-824E-C0EA-E7C65DA90EF6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abogkajfnijochlnooinkjkjmgjappgkcp"=hex:61,61,00,ff
"mabhnahcpgpnihnccbdepldmpp"=hex:61,61,00,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\vrlogon.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'lsass.exe'(1252)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinService.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2010-03-01 20:53:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 12:53

Pre-Run: 44,784,300,032 bytes free
Post-Run: 45,230,067,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3FC8AA6CDAE5FD96A6538C6B5DF4F6BD

Awaiting your next instruction.

Regards,


Dave

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 01 March 2010 - 03:21 PM

Hi Dave,

Can you tell me how the coputers running and if you have any more problems?

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{1d459f8c-31b7-11de-951b-002215f748a6}\Shell\AutoRun\command - "" = F:\svchost.exe -- File not found
    O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{7a08b957-b654-11de-96f2-00224352567f}\Shell\AutoRun\command - "" = I:\svchost.exe -- File not found
    O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{cfd56d35-cbf4-11dd-acd8-00224352567f}\Shell\AutoRun\command - "" = H:\svchost.exe -- File not found
    O33 - MountPoints2\{db935915-96f2-11de-9690-00224352567f}\Shell\AutoRun\command - "" = G:\2nuk.com -- File not found
    O33 - MountPoints2\{db935915-96f2-11de-9690-00224352567f}\Shell\open\Command - "" = G:\2nuk.com -- File not found
    [2010/02/24 15:22:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/02/24 15:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe File not found
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


Then please post back here with the following logs:
  • MBAM log
  • OTL results
  • New OTL log

Thanks

unite.jpg

#9 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 01 March 2010 - 08:53 PM

Hi Syler,

The laptop seem to be fine after Combofix, the virus warning did not pop out any more. Below are the Malware Log, OTL fixed log and OTL Log.

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/2/2010 9:13:16 AM
mbam-log-2010-03-02 (09-13-16).txt

Scan type: Quick Scan
Objects scanned: 128033
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d459f8c-31b7-11de-951b-002215f748a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d459f8c-31b7-11de-951b-002215f748a6}\ not found.
File F:\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe0-a392-11de-96ba-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e90fe1-a392-11de-96ba-00224352567f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257b3ab0-cb2e-11dd-acd1-00224352567f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7c01f6-caa3-11dd-accd-00224352567f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6139c851-3ad7-11de-9540-002215f748a6}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb7-b856-11de-96f7-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cfddeb8-b856-11de-96f7-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755bcdf6-7d7b-11de-9636-00224352567f}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a08b957-b654-11de-96f2-00224352567f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a08b957-b654-11de-96f2-00224352567f}\ not found.
File I:\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e8-a31d-11de-96b9-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4e9-a31d-11de-96b9-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b4d4ec-a31d-11de-96b9-00224352567f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf69db2-c9a1-11dd-acc8-00224352567f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd56d34-cbf4-11dd-acd8-00224352567f}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd56d35-cbf4-11dd-acd8-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd56d35-cbf4-11dd-acd8-00224352567f}\ not found.
File H:\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db935915-96f2-11de-9690-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db935915-96f2-11de-9690-00224352567f}\ not found.
File G:\2nuk.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db935915-96f2-11de-9690-00224352567f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db935915-96f2-11de-9690-00224352567f}\ not found.
File G:\2nuk.com not found.
File C:\WINDOWS\tasks\At1.job not found.
File C:\WINDOWS\tasks\At2.job not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NSLauncher\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ICE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Soon Hin
->Temp folder emptied: 1273199 bytes
->Temporary Internet Files folder emptied: 11384971 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 27350302 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb


OTL by OldTimer - Version 3.1.30.2 log created on 03022010_091904

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 3/2/2010 9:29:14 AM - Run 2
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Soon Hin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 42.17 Gb Free Space | 53.98% Space Free | Partition Type: NTFS
Drive D: | 137.89 Gb Total Space | 113.23 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
Drive E: | 82.07 Gb Total Space | 32.39 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOON-251939208E
Current User Name: Soon Hin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
PRC - [2010/02/19 07:43:28 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/08 18:45:04 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2010/02/05 09:14:25 | 001,193,456 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2010/02/05 09:14:25 | 000,761,840 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/18 21:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/16 22:54:05 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/02 16:11:02 | 000,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 000,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/25 10:07:44 | 000,996,608 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Software Update\mumservice.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/04 16:57:42 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/12/05 15:36:25 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe
PRC - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/12 14:01:56 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/09/05 11:39:28 | 001,642,496 | ---- | M] (EnGenius Technologies.) -- C:\Program Files\EnGenius\Common\RaUI.exe
PRC - [2008/08/04 19:20:10 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/07/26 07:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/07/21 04:33:42 | 000,450,649 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2008/07/21 04:33:24 | 000,467,029 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/06/23 20:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/19 11:17:00 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/05/30 16:53:48 | 000,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\EnGenius\Common\RegistryWriter.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/02/01 14:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 10:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/01/15 17:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/01/11 22:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007/12/03 15:40:24 | 000,815,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/08/02 19:41:52 | 002,760,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/13 17:53:34 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/07/05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/09 10:25:29 | 000,272,024 | R--- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/12 18:55:00 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/08/10 22:16:22 | 000,499,712 | ---- | M] (PLANEX COMMUNICATIONS INC.) -- C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
PRC - [2006/07/26 18:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
MOD - [2006/12/02 02:51:44 | 000,032,768 | ---- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/02 16:10:56 | 000,656,168 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/16 14:33:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/26 07:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/07/21 04:33:24 | 000,467,029 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/05/30 16:53:48 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\EnGenius\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/14 20:00:00 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/03/17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/09 10:25:29 | 000,272,024 | R--- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/02 17:27:38 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/23 08:16:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/19 07:43:28 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 07:43:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 07:43:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/08 18:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/14 13:36:29 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/03 22:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/26 15:23:46 | 000,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 16:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/07 00:37:28 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/28 16:52:36 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 07:31:00 | 006,597,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/27 09:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008/06/26 04:05:08 | 000,039,072 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/06/20 19:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/09 16:45:08 | 001,748,352 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/05/30 16:44:49 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/05/30 16:44:49 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/14 20:00:00 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/14 20:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 20:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/14 20:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 20:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 20:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/14 00:15:40 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/07 14:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/08 08:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/30 16:15:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2008/01/30 16:15:19 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2008/01/30 04:45:38 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/01/03 07:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/10/09 13:13:00 | 000,038,144 | ---- | M] (Realtek) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2007/08/24 11:46:48 | 000,005,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/08/03 12:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/24 18:08:40 | 000,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/12/03 22:32:53 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/03 22:32:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/12/03 22:32:36 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/12 18:28:00 | 000,198,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/27 14:32:00 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(PLANEX COMMUNICATIONS INC.)) PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/01/07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/05/27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\S-1-5-21-790525478-2000478354-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-2000478354-527237240-1003\S-1-5-21-790525478-2000478354-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.7
FF - prefs.js..keyword.URL: "http://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 09:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 09:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/16 22:55:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/26 16:11:19 | 000,000,000 | ---D | M]

[2008/12/16 14:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Extensions
[2010/02/26 10:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Firefox\Profiles\ubcxzo4g.default\extensions
[2009/12/21 00:42:20 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Documents and Settings\Soon Hin\Application Data\Mozilla\Firefox\Profiles\ubcxzo4g.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2010/02/26 10:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/01 20:46:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-790525478-2000478354-527237240-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EnGenius Wireless Utility.lnk = C:\Program Files\EnGenius\Common\RaUI.exe (EnGenius Technologies.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCI GW-US54GXS Utility.lnk = C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe (PLANEX COMMUNICATIONS INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Soon Hin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-790525478-2000478354-527237240-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..Trusted Domains: singpass-services.gov.sg ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-790525478-2000478354-527237240-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} https://www4.snapfish.com.sg/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} http://www4.snapfish.com.sg/SnapfishActivia2.cab (Snapfish Activia2)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 218.186.1.88 202.156.1.48
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/05 13:12:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 08:51:56 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 08:51:57 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 08:51:57 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 04:49:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 09:19:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/02 09:19:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/02 08:52:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Soon Hin\UserData
[2010/03/02 08:51:56 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/01 20:30:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/01 20:27:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/01 20:27:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/01 20:27:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/01 20:27:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/01 20:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/01 20:26:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/01 15:52:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/01 14:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Nokia
[2010/03/01 14:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\NokiaAccount
[2010/03/01 13:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/01 07:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/02/25 22:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/25 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/25 22:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/25 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/25 21:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/25 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Comm
[2010/02/25 15:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\ASUS
[2010/02/25 14:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/25 14:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/25 12:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\2-25-2010
[2010/02/25 12:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/25 09:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/25 02:00:11 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
[2010/02/23 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Application Data\WinRAR
[2010/02/23 12:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/23 11:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\SDFix
[2010/02/22 21:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Data
[2010/02/22 21:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\Antivirus
[2010/02/22 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Desktop\PC report
[2010/02/22 20:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Application Data\IObit
[2010/02/22 20:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/22 11:20:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/22 11:20:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/22 11:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/22 10:54:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/22 10:54:39 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/22 10:54:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/22 10:54:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/22 10:54:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/22 10:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/22 10:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/21 21:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/21 15:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\Super Internet TV
[2010/02/19 20:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\WSGConnect
[2010/02/17 12:57:58 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/02/17 12:57:58 | 000,887,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/02/17 12:57:58 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/17 12:57:58 | 000,084,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/17 12:57:57 | 001,489,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/02/17 12:57:56 | 009,721,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/02/17 12:57:54 | 005,860,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/02/17 12:57:53 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/17 12:57:53 | 000,051,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/02/17 12:57:51 | 018,790,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/02/17 12:57:50 | 002,177,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/02/17 12:57:50 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010/02/17 12:57:45 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/17 12:57:45 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/02/17 12:57:45 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/17 12:57:44 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/02/17 12:57:29 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/02/05 09:14:25 | 002,000,880 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GooglePinyin2.ime
[2009/11/01 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2009/11/01 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/07/05 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/05 00:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/20 11:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/05 15:09:51 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/03/02 09:26:10 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8480F015-1646-4E8C-9042-40122F42ED89}.job
[2010/03/02 09:21:25 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/02 09:21:15 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/02 09:20:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 09:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 09:19:46 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Soon Hin\ntuser.dat
[2010/03/02 09:19:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Soon Hin\ntuser.ini
[2010/03/02 08:30:58 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\Flash_Disinfector.exe
[2010/03/02 01:22:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/02 01:22:21 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 20:47:15 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 20:46:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 20:30:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/01 15:11:14 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 15:11:14 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 09:14:22 | 003,875,559 | R--- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\ComboFix.exe
[2010/02/28 00:18:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 23:02:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2010/02/25 12:13:43 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\NTREGOPT.lnk
[2010/02/25 02:00:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Soon Hin\Desktop\OTL.exe
[2010/02/24 17:57:33 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/23 11:42:14 | 000,014,258 | ---- | M] () -- C:\Documents and Settings\Soon Hin\My Documents\SDfix.pdf
[2010/02/23 08:16:30 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/22 15:47:02 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Soon Hin\Desktop\dds.scr
[2010/02/22 15:45:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Soon Hin\defogger_reenable
[2010/02/17 11:14:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/13 00:44:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 18:45:16 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/02/08 18:45:16 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/08 18:45:16 | 000,084,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/08 18:45:12 | 009,721,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/02/08 18:45:12 | 001,489,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/02/08 18:45:12 | 000,887,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/02/08 18:45:06 | 000,051,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/02/08 18:45:04 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/02/08 18:45:04 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/08 18:44:58 | 002,177,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/02/08 18:44:52 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/08 18:44:52 | 000,285,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/08 18:44:52 | 000,064,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/02/08 18:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/02/05 09:14:25 | 002,000,880 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GooglePinyin2.ime
[2010/02/01 16:14:54 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll

========== Files Created - No Company Name ==========

[2010/03/02 08:31:30 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\Flash_Disinfector.exe
[2010/03/01 20:30:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/01 20:30:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/01 20:27:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/01 20:27:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/01 20:27:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/01 20:27:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/01 20:27:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/01 20:23:41 | 003,875,559 | R--- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\ComboFix.exe
[2010/02/25 18:52:19 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\dds.scr
[2010/02/25 12:13:43 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\NTREGOPT.lnk
[2010/02/23 11:42:14 | 000,014,258 | ---- | C] () -- C:\Documents and Settings\Soon Hin\My Documents\SDfix.pdf
[2010/02/22 15:53:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Desktop\gmer.exe
[2010/02/22 15:45:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Soon Hin\defogger_reenable
[2010/01/29 00:30:54 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2010/01/29 00:30:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/12/19 21:35:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009/11/05 13:06:55 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/10/20 10:14:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Application Data\$_hpcst$.hpc
[2009/09/16 22:59:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/21 02:59:25 | 000,339,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/27 23:38:48 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009/06/25 11:07:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/25 00:28:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/20 21:42:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 08:23:07 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2009/02/18 09:52:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/02/18 09:52:58 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/01/11 18:18:57 | 000,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/01/10 23:11:57 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/31 17:04:42 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/28 17:25:29 | 000,145,408 | ---- | C] () -- C:\Documents and Settings\Soon Hin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 13:23:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/05 16:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/05 15:28:14 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/12/05 15:26:23 | 001,748,352 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/12/05 15:26:23 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/12/05 14:59:48 | 000,005,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008/07/26 07:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/26 07:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/26 07:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/26 07:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/07 14:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll
[2007/06/21 10:49:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/03/18 18:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 18:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 18:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 18:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2009/12/16 08:51:37 | 537,365,896 | ---- | M] (VMware, Inc.) -- C:\VMWSV7.exe


< MD5 for: AGP440.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/02/23 07:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 20:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 20:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< >
< End of report >

Awaiting your next advice.

Regards,

Dave


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 03 March 2010 - 09:41 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Services
    agisr
    marjotcqclxa
    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.



You have an outdated version of Java installed, please download and install the latest version from here.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • OTL results
  • ESET report
  • New DDS log

Thanks

unite.jpg

#11 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 04 March 2010 - 03:45 AM

Hi Syler,

I have some problems with Eset Online scanner, it just stop at one of the files for very long time. The scanning process remain at 10 - 11% after 2 -3 hours on the same files. I think there may be a problems of some sort with my scanning, so I have to stop. Any way below are the log for OTL and DDS :

========== SERVICES/DRIVERS ==========
Service agisr stopped successfully!
Service agisr deleted successfully!
Service marjotcqclxa stopped successfully!
Service marjotcqclxa deleted successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.30.2 log created on 03032010_233912




DDS (Ver_09-12-01.01) - NTFSx86
Run by Soon Hin at 16:36:50.85 on Thu 03/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1282 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\Software Update\mumservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\EnGenius\Common\RaUI.exe
C:\Program Files\bRoad Lanner Wave\GW-US54GXS\GW-US54GXS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\EnGenius\Common\RegistryWriter.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Soon Hin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://sg.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Flashget Catch Url Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] "c:\program files\asus\splendid\ACMON.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\soonhi~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\engeni~1.lnk - c:\program files\engenius\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcigw-~1.lnk - c:\program files\broad lanner wave\gw-us54gxs\GW-US54GXS.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: singpass-services.gov.sg\www
DPF: Garmin Communicator Plug-In
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxps://www4.snapfish.com.sg/SnapfishActivia.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.com.sg/SnapfishActivia2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli psqlpwd
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\soonhi~1\applic~1\mozilla\firefox\profiles\ubcxzo4g.default\
FF - prefs.js: keyword.URL - hxxp://sg.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_sg&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-22 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-22 56816]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-12-16 38144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-15 236368]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\engenius\common\RegistryWriter.exe [2009-12-14 69632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-15 19160]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-5 39072]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 12872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-17 1691480]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\f:\i386\asprocob.sys --> f:\i386\AsProcOb.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2009-2-18 20608]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-21 42112]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-14 627072]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-12-11 332928]
S3 ZD1211BU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.);c:\windows\system32\drivers\ZD1211BU.sys [2009-2-18 450560]

=============== Created Last 30 ================

2010-03-02 01:19:04 0 d-----w- C:\_OTL
2010-03-02 00:52:26 0 d-sh--w- c:\documents and settings\soon hin\UserData
2010-03-02 00:51:56 0 d-sha-r- C:\autorun.inf
2010-03-01 12:30:11 0 d-sha-r- C:\cmdcons
2010-03-01 12:27:47 98816 ----a-w- c:\windows\sed.exe
2010-03-01 12:27:47 77312 ----a-w- c:\windows\MBR.exe
2010-03-01 12:27:47 261632 ----a-w- c:\windows\PEV.exe
2010-03-01 12:27:47 161792 ----a-w- c:\windows\SWREG.exe
2010-03-01 05:16:45 0 d-----w- c:\program files\ESET
2010-02-25 06:02:42 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 06:02:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-25 01:03:17 0 d-----w- c:\program files\Enigma Software Group
2010-02-23 04:04:01 0 d-----w- c:\windows\ERUNT
2010-02-22 12:49:25 0 d-----w- c:\docume~1\soonhi~1\applic~1\IObit
2010-02-22 12:49:23 0 d-----w- c:\program files\IObit
2010-02-22 07:45:14 0 ----a-w- c:\documents and settings\soon hin\defogger_reenable
2010-02-22 02:54:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-22 02:54:35 0 d-----w- c:\program files\Avira
2010-02-22 02:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-02-19 12:37:17 0 d-----w- c:\program files\WSGConnect
2010-02-05 01:14:25 2000880 ----a-w- c:\windows\system32\GooglePinyin2.ime

==================== Find3M ====================

2010-02-22 23:10:47 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-08 10:45:16 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-08 10:45:16 358944 ----a-w- c:\windows\vncutil.exe
2010-02-08 10:45:16 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-08 10:45:12 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-08 10:45:12 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-08 10:45:06 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-08 10:45:04 18790432 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-08 10:45:04 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-08 10:44:58 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-08 10:44:52 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-08 10:44:52 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-08 10:15:44 5860384 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-01 08:14:54 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-28 16:31:07 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-01-28 16:30:54 585728 ----a-w- c:\windows\system32\bsratswf.dll
2010-01-28 16:30:54 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2010-01-07 08:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-21 11:20:05 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2009-12-19 13:35:20 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-12-17 09:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 00:51:37 537365896 ----a-w- C:\VMWSV7.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 05:36:24 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2007-05-01 14:52:54 28464 ----a-w- c:\windows\inf\vmnetBridge.sys
2007-05-01 14:51:04 50992 ----a-r- c:\windows\inf\vmnetBridge.dll
2007-05-01 14:51:02 30768 ----a-r- c:\windows\inf\vmusb.sys
2007-05-01 14:51:02 17712 ----a-r- c:\windows\inf\vmnet.sys
2007-05-01 14:51:02 16816 ----a-r- c:\windows\inf\vmnetAdapter.sys
2007-05-01 14:51:02 13104 ----a-r- c:\windows\inf\vnetinst.dll

============= FINISH: 16:37:41.76 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2008 1:15:50 PM
System Uptime: 3/4/2010 4:31:48 PM (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | N10Jc
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 42.82 GiB free.
D: is FIXED (NTFS) - 138 GiB total, 113.111 GiB free.
E: is FIXED (NTFS) - 82 GiB total, 32.287 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/1/2010 8:27:46 PM - System Checkpoint
RP2: 3/2/2010 9:30:01 AM - OTL Restore Point
RP3: 3/3/2010 11:47:27 PM - Installed Java™ 6 Update 18

==== Installed Programs ======================

??????? 2.2
32 Bit HP CIO Components Installer
AAC Decoder
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.3.1 - CPSID_50570
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Apple Mobile Device Support
Apple Software Update
ASUS Live Update
ASUS MultiFrame
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WL-330gE Wireless AP
ASUS Zoom In
ASUS_Notebook_N10 Screen Saver
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
BPD_Scan
BroadBand on Mobile
BSR Screen Recorder 4
Camfrog Video Chat 5.4
Canon iP1800 series
Connection Manager
Critical Update for Windows Media Player 11 (KB959772)
CyberLink DVD Suite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
eMule
EnGenius EnGenius 11n Wireless USB Adapter
ERUNT 1.1j
ESET Online Scanner v3
Eudora
Express Gate
FlashGet(Jetcar) 1.80
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Earth
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Drive Key Boot Utility
HP Officejet J3500 Series
HP USB Disk Storage Format Tool
ImgBurn
iTunes
Java Auto Updater
Java™ 6 Update 18
Junk Mail filter update
LabelPrint
LifeFrame2
LightScribe System Software 1.12.37.1
Loki ActiveX Control
Malwarebytes' Anti-Malware
MediaShow
MFM-Garmin 100118
MFM v1.74
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mobile Partner
Motorola Software Update
Mozilla Firefox (3.5.8)
Mozilla Thunderbird (2.0.0.23)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Multimedia Card Reader
NB Probe
Nero OEM
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
PC Connectivity Solution
PCI GW-US54GXS 54Mbps WLAN USB Adapter
PhotoNow!
Power2Go
Power4 Gear
PowerDirector
PowerDVD
PowerProducer
Protector Suite QL 5.8
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK RTL8187 Wireless LAN Driver and Utility
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Samsung Mobile USB Modem Software
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skype web features
Skype™ 4.1
Smart Defrag
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 1.3M UVC WebCam
v1.61u
VC80CRTRedist - 8.0.50727.4053
WBFS Manager 3.0
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinFlash
WinImage
WinRAR archiver
Wireless Console 2
Wireless@SG SingTel (1.0.0.0)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

3/2/2010 9:19:07 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The spmgr service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The Ralink Registry Writer service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2010 9:19:05 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2010 8:31:40 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
3/1/2010 8:31:40 PM, error: Service Control Manager [7034] - The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2010 7:59:04 AM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
3/1/2010 7:57:58 AM, error: Service Control Manager [7028] - The agisr Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
3/1/2010 4:10:12 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
3/1/2010 4:10:12 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
3/1/2010 4:10:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SASDIFSV SASKUTIL ssmdrv Tosrfcom
3/1/2010 3:54:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2010 3:52:47 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/1/2010 3:52:47 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/1/2010 12:16:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/1/2010 12:13:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip Tcpip6 Tosrfcom WS2IFSL
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2010 12:13:05 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 3:45:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/28/2010 12:51:23 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/28/2010 12:25:53 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 10047 (0x273F).
2/25/2010 8:32:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Authorization Service service to connect.
2/25/2010 8:32:03 AM, error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2010 1:17:35 AM, error: Dhcp [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 00224352567F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Awaiting your advice. thank you.

Regards,


Dave

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 04 March 2010 - 04:40 PM

Hi Dave,

Your logs look fine to me now.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremley important to keep windows upto date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
succeptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recomend, only install one of these.

Zone Alarm
comodo..........Note: Only Install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg

#13 woodwind

woodwind
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:10:08 AM

Posted 05 March 2010 - 02:36 AM


Hi Syler,

Thank you very much for your kind help and assistant.

Greatly appreciate your works.

Regards,


Dave

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:08 AM

Posted 05 March 2010 - 04:12 PM

Your very welcome smile.gif

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·