Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

remove spyware


  • This topic is locked This topic is locked
4 replies to this topic

#1 timestop

timestop

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 03 March 2010 - 10:55 AM

Hi i have run the hijack log file as below. Hope that you can help me to remove the spyware. thanks

Logfile of HijackThis v1.99.1
Scan saved at 1:31:03 AM, on 3/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
E:\PPStream\PPStream.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {EDED58B4-A531-324A-9E5E-4D9F8383376B} - C:\WINDOWS\system32\xwr44828.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PPS.lnk = E:\PPStream\PPStream.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.....;/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c1b8eba86156) (gupdate1c9c1b8eba86156) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 07 March 2010 - 08:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 timestop

timestop
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 08 March 2010 - 12:21 PM

OTL logfile created on: 3/9/2010 1:02:16 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Jia Loon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.28 Gb Free Space | 6.75% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 67.51 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
Drive E: | 76.62 Gb Total Space | 39.63 Gb Free Space | 51.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIGITAL-5DFA2FD
Current User Name: Jia Loon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 01:01:14 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jia Loon\Desktop\OTL.exe
PRC - [2010/02/19 17:56:37 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/13 13:10:44 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/16 11:08:26 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 11:08:25 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 11:08:08 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 11:08:06 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 11:07:20 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/05 10:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/03/23 17:11:08 | 002,507,128 | ---- | M] (PPStream Inc.) -- E:\PPStream\PPStream.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/31 03:41:47 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/08/18 18:41:00 | 001,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/27 22:59:57 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/01 17:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/12/14 03:42:38 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PRC - [2007/12/14 03:42:37 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
PRC - [2007/11/02 03:57:24 | 002,756,096 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2007/06/13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/16 18:57:24 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/02/16 18:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/02/16 18:45:30 | 001,169,776 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/12/15 10:59:12 | 000,217,088 | R--- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\WinSys2.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/10/19 22:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/19 22:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 01:01:14 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jia Loon\Desktop\OTL.exe
MOD - [2006/08/25 23:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2009/08/16 11:08:06 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/16 11:07:20 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/04/24 01:18:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/31 03:41:47 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/10/19 22:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/08/11 14:43:16 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/08/16 11:08:26 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/16 11:08:25 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/12 19:52:44 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/05 23:12:29 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/05 22:59:44 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009/02/05 22:59:44 | 000,016,896 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinFl32.sys -- (WinFl32)
DRV - [2008/06/13 23:24:58 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/04 16:50:49 | 000,051,440 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/03/01 15:24:13 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/10/24 18:21:41 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/10/24 18:21:41 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/10/24 18:21:23 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/10/21 11:47:07 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/04/12 23:44:00 | 006,738,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/04 17:24:00 | 004,258,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/07 00:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/06/08 10:49:50 | 000,344,064 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows « Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/04/09 20:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-436374069-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKU\S-1-5-21-1085031214-436374069-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1085031214-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1085031214-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 00:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:57:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:57:12 | 000,000,000 | ---D | M]

[2008/08/29 20:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Extensions
[2010/03/09 00:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions
[2009/09/04 21:41:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/25 17:43:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/08 03:16:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/08 03:16:53 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/06/28 12:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\extensions\searchrecs@veoh.com
[2008/06/13 23:34:54 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Profiles\4cxp4v98.default\searchplugins\daemon-search.xml
[2010/03/01 00:34:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/04/24 01:16:26 | 000,262,117 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9097 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (D) - {EDED58B4-A531-324A-9E5E-4D9F8383376B} - C:\WINDOWS\System32\xwr44828.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-1085031214-436374069-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1085031214-436374069-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1085031214-436374069-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Jia Loon\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Jia Loon\Start Menu\Programs\Startup\PPS.lnk = E:\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-436374069-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 218.186.1.88 202.156.1.78
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jia Loon\Application Data\Mozilla\Firefox\Desktop Background.bmp
O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\system32\ctfmon_kz.exe File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/24 00:51:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/10/18 01:27:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02c247f6-86e8-11dc-82b1-00120e779048}\Shell\Auto\command - "" = My_Heart.exe
O33 - MountPoints2\{02c247f6-86e8-11dc-82b1-00120e779048}\Shell\AutoRun\command - "" = My_Heart.exe
O33 - MountPoints2\{02c247f6-86e8-11dc-82b1-00120e779048}\Shell\Explore\command - "" = My_Heart.exe
O33 - MountPoints2\{02c247f6-86e8-11dc-82b1-00120e779048}\Shell\OPEN\command - "" = My_Heart.exe
O33 - MountPoints2\{78425ec8-7d8c-11dc-828b-00120e779048}\Shell - "" = AutoRun
O33 - MountPoints2\{78425ec8-7d8c-11dc-828b-00120e779048}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78425ec8-7d8c-11dc-828b-00120e779048}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{78425ec9-7d8c-11dc-828b-00120e779048}\Shell - "" = AutoRun
O33 - MountPoints2\{78425ec9-7d8c-11dc-828b-00120e779048}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{78425ec9-7d8c-11dc-828b-00120e779048}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8db50039-d95e-11dc-837d-00120e779048}\Shell - "" = AutoRun
O33 - MountPoints2\{8db50039-d95e-11dc-837d-00120e779048}\Shell\0\command - "" = I:\tool.exe -- File not found
O33 - MountPoints2\{8db50039-d95e-11dc-837d-00120e779048}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\T\Shell - "" = AutoRun
O33 - MountPoints2\T\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/18 09:07:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DE9CC72-D24F-285D-B7E9-642CB6C06E01} - Microsoft Windows Media Player 6.4
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9BC42CFF-2FBD-3304-969E-7FC493B0CDFB} - Microsoft Windows Media Player
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DB8ABB10-0C73-38C7-1D8B-5A33606FABDE} - DirectAnimation
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA19FE36-B77B-5E64-0AF7-CEB7A1139930} - Microsoft Windows Media Player 6.4
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 01:01:12 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jia Loon\Desktop\OTL.exe
[2010/02/28 23:36:01 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/02/28 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/22 20:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/02/22 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/02/22 20:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive
[2010/02/22 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2010/02/20 14:23:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/11/04 00:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/10/15 23:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/04/21 06:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/20 21:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/08/31 03:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/31 03:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/31 03:21:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/31 03:21:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/21 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 01:10:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/09 01:10:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/09 01:01:14 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jia Loon\Desktop\OTL.exe
[2010/03/09 00:55:01 | 000,001,617 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/03/09 00:36:44 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Jia Loon\My Documents\~$ i work as IT support.doc
[2010/03/09 00:21:23 | 000,000,140 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2010/03/09 00:21:15 | 000,001,799 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/03/09 00:20:27 | 000,000,113 | ---- | M] () -- C:\WINDOWS\PPSMediaList.ini
[2010/03/09 00:20:17 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2010/03/09 00:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 00:19:13 | 000,014,030 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/03/09 00:18:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/09 00:18:21 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/03/09 00:18:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 00:16:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 17:04:50 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Jia Loon\ntuser.dat
[2010/03/07 20:39:49 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 14:00:32 | 000,260,536 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\BSBZ.pdf
[2010/03/03 21:58:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/03/03 20:42:43 | 000,056,326 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\Global+Certification+Prices.pdf
[2010/03/02 21:21:35 | 000,901,632 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\sop.ppt
[2010/03/01 20:54:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1201870284.job
[2010/02/28 23:31:13 | 000,177,240 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\activescan2_en.exe
[2010/02/28 02:10:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/28 01:10:45 | 000,048,327 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\4919_92272683835_573808835_1869714_520703_n.jpg
[2010/02/28 01:07:17 | 000,041,441 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\n573808835_1674255_7271932.jpg
[2010/02/28 01:02:11 | 000,049,041 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\6536_103691493835_573808835_2044484_6722255_n.jpg
[2010/02/27 18:45:09 | 000,848,384 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\SOP5242.ppt
[2010/02/25 20:40:21 | 002,158,385 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1092.jpg
[2010/02/25 20:40:11 | 001,950,516 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1064.jpg
[2010/02/25 20:40:05 | 001,720,876 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1058(2).jpg
[2010/02/25 20:40:02 | 001,720,876 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1058.jpg
[2010/02/22 20:16:16 | 000,054,831 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\13363_207748408835_573808835_2898883_3129093_n.jpg
[2010/02/22 20:14:40 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPLiveVA.lnk
[2010/02/22 20:14:03 | 000,001,210 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPTV Online Video.lnk
[2010/02/22 20:14:02 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPTV.lnk
[2010/02/21 20:15:39 | 000,046,236 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_5038.JPG
[2010/02/20 17:54:33 | 000,148,616 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Desktop\Bachelor of Accountancy (Honours).pdf
[2010/02/14 22:25:09 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Jia Loon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 02:05:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/09 00:36:44 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Jia Loon\My Documents\~$ i work as IT support.doc
[2010/03/07 14:00:31 | 000,260,536 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\BSBZ.pdf
[2010/03/03 20:42:41 | 000,056,326 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\Global+Certification+Prices.pdf
[2010/03/02 20:40:16 | 000,901,632 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\sop.ppt
[2010/02/28 23:30:48 | 000,177,240 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\activescan2_en.exe
[2010/02/28 01:10:44 | 000,048,327 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\4919_92272683835_573808835_1869714_520703_n.jpg
[2010/02/28 01:07:17 | 000,041,441 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\n573808835_1674255_7271932.jpg
[2010/02/28 01:02:10 | 000,049,041 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\6536_103691493835_573808835_2044484_6722255_n.jpg
[2010/02/27 18:45:06 | 000,848,384 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\SOP5242.ppt
[2010/02/25 20:40:12 | 002,158,385 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1092.jpg
[2010/02/25 20:40:06 | 001,950,516 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1064.jpg
[2010/02/25 20:40:00 | 001,720,876 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1058(2).jpg
[2010/02/25 20:39:58 | 001,720,876 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_1058.jpg
[2010/02/22 20:16:15 | 000,054,831 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\13363_207748408835_573808835_2898883_3129093_n.jpg
[2010/02/22 20:14:40 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPLiveVA.lnk
[2010/02/22 20:14:03 | 000,001,210 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPTV Online Video.lnk
[2010/02/22 20:14:02 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPTV.lnk
[2010/02/21 20:15:38 | 000,046,236 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\IMG_5038.JPG
[2010/02/20 17:54:32 | 000,148,616 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Desktop\Bachelor of Accountancy (Honours).pdf
[2009/06/08 17:46:14 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2009/05/04 00:47:44 | 000,000,070 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2009/05/04 00:36:41 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini
[2009/05/04 00:36:40 | 000,000,140 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2009/05/04 00:36:25 | 000,001,799 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2009/05/04 00:36:25 | 000,001,617 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009/02/05 23:13:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/02/05 22:59:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009/02/05 22:59:44 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\WinFl32.sys
[2009/02/05 22:50:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/30 21:36:40 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/12/30 21:36:33 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/12/30 21:36:33 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/12/30 21:36:32 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/12/30 21:36:32 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/12/30 21:36:32 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/11/23 20:45:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/06/13 23:24:57 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/14 23:43:59 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/03/14 23:43:59 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/03/14 23:43:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/03/14 23:43:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/03/03 11:48:36 | 000,000,125 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/03/01 13:11:55 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/24 01:17:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Local Settings\Application Data\fusioncache.dat
[2008/02/01 20:24:51 | 000,065,678 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/01 20:24:00 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/11/24 00:02:37 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2007/11/14 13:53:54 | 000,000,114 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/10 23:57:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/31 09:54:49 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/10/31 09:54:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DE3F20990C.sys
[2007/10/28 00:18:08 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/24 18:02:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/21 11:47:07 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/10/18 09:46:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/10/18 01:34:41 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Jia Loon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/08 16:30:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 18:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 18:11:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/12 23:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 23:44:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 23:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 23:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 23:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/22 03:05:16 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/08/22 03:05:10 | 000,217,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 08:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/07 02:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 02:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >





[*]Extra.txt<--Will be minimized


OTL Extras logfile created on: 3/9/2010 1:02:16 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Jia Loon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.28 Gb Free Space | 6.75% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 67.51 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
Drive E: | 76.62 Gb Total Space | 39.63 Gb Free Space | 51.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIGITAL-5DFA2FD
Current User Name: Jia Loon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6881:TCP" = 6881:TCP:*:Enabled:bittornado
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"81:TCP" = 81:TCP:*:Enabled:Axon Virtual PBX Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:BitTornado -- ()
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe" = C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya -- (Autodesk)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ÁTorrent -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\NCH Swift Sound\Axon\axon.exe" = C:\Program Files\NCH Swift Sound\Axon\axon.exe:*:Disabled:Axon Virtual PBX -- File not found
"E:\PPStream\PPStream.exe" = E:\PPStream\PPStream.exe:*:Enabled:PPS═°┬šÁš╩Ë -- (PPStream Inc.)
"E:\PPStream\PPSAP.exe" = E:\PPStream\PPSAP.exe:*:Enabled:PPS ═°┬š╝Ë╦┘ø -- (PPStream Inc)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\softnyx\GunboundWC\GunBound.gme" = D:\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"D:\PPLive\PPLive.exe" = D:\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found
"D:\PPLive\PPLiveU.exe" = D:\PPLive\PPLiveU.exe:*:Enabled:PPLiveU -- ( )
"C:\Program Files\PPLiveVA\PPLiveVA.exe" = C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found
"C:\Program Files\PPLiveVA\FlvPick.exe" = C:\Program Files\PPLiveVA\FlvPick.exe:*:Enabled:FlvPick -- File not found
"C:\Program Files\PPLiveVA\CrashUpload.exe" = C:\Program Files\PPLiveVA\CrashUpload.exe:*:Enabled:CrashUpload -- File not found
"C:\Program Files\PPLiveVA\Download.exe" = C:\Program Files\PPLiveVA\Download.exe:*:Enabled:Download -- File not found
"C:\Program Files\PPLiveVA\DownloadProgress.exe" = C:\Program Files\PPLiveVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- File not found
"C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe" = C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP -- File not found
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- (Synacast)
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA -- (Synacast)
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick -- ()
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload -- (Synacast)
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download -- (Synacast)
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- (Synacast)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = AcronisáTrueáImageáHome
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DA83EA6-E731-4722-958D-613399AE1033}" = Nero 7 Essentials
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{994F28D3-8695-4016-B707-D567803BDEC9}" = MCP Program Testing Innovations Demonstration
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C086DBAD-BB4B-4D0E-B980-70F469EFBFE4}" = iriver LDB Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{d40e4a88-ebc8-4d52-be3c-a4917a057ef0}" = Fax
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"AdVantage_DAEM" = AdVantage (Powering DAEMON Tools)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"BitTornado" = BitTornado 0.3.17
"CDisplay_is1" = CDisplay 1.8
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dragon Ball Z - Evolution" = Dragon Ball Z - Evolution
"EsetOnlineScanner" = ESET Online Scanner
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"Exam Formatter_is1" = Exam Formatter 2.3
"foobar2000" = foobar2000 v0.9.4.5
"Google Chrome" = Google Chrome
"GunboundWC_is1" = GunboundWC
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 2
"iriver Firmware Updater" = iriver Firmware Updater (remove only)
"iriver plus 3" = iriver plus 3 (remove only)
"iriverter" = iriverter 0.16
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"PPLive" = PPTV V2.4.1.0014
"PPStream" = PPStream
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shake-v2.51.1116" = Shake-v2.51.1116
"Stellar Phoenix Excel Recovery_is1" = Stellar Phoenix Excel Recovery v3.2
"Tablet Driver" = Tablet
"Veoh Web Player Beta" = Veoh Web Player
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-436374069-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"PPLiveVA" = PPLive Video Accelerator
"uTorrent" = ÁTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 11:59:17 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 11.0.0.372, faulting module
rjbviz.dll, version 1.0.2.4662, fault address 0x0000b372.

Error - 2/19/2010 5:57:01 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Error - 2/20/2010 5:58:56 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 11.0.0.372, faulting module
unknown, version 0.0.0.0, fault address 0x08e4c530.

Error - 2/22/2010 1:26:26 PM | Computer Name = DIGITAL-5DFA2FD | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 2/22/2010 1:26:26 PM | Computer Name = DIGITAL-5DFA2FD | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 2/28/2010 7:23:05 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2010 1:12:32 PM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
ad-aware.exe, version 7.1.0.10, fault address 0x00157058.

Error - 3/3/2010 7:10:09 AM | Computer Name = DIGITAL-5DFA2FD | Source = Google Update | ID = 20
Description =

Error - 3/4/2010 10:24:46 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application ppap.exe, version 2.3.0.2, faulting module vaproxyd.dll,
version 1.0.0.44, fault address 0x00022d6c.

Error - 3/5/2010 7:10:09 AM | Computer Name = DIGITAL-5DFA2FD | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 2/15/2010 11:59:17 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 11.0.0.372, faulting module
rjbviz.dll, version 1.0.2.4662, fault address 0x0000b372.

Error - 2/19/2010 5:57:01 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Error - 2/20/2010 5:58:56 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 11.0.0.372, faulting module
unknown, version 0.0.0.0, fault address 0x08e4c530.

Error - 2/22/2010 1:26:26 PM | Computer Name = DIGITAL-5DFA2FD | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 2/22/2010 1:26:26 PM | Computer Name = DIGITAL-5DFA2FD | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 2/28/2010 7:23:05 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2010 1:12:32 PM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
ad-aware.exe, version 7.1.0.10, fault address 0x00157058.

Error - 3/3/2010 7:10:09 AM | Computer Name = DIGITAL-5DFA2FD | Source = Google Update | ID = 20
Description =

Error - 3/4/2010 10:24:46 AM | Computer Name = DIGITAL-5DFA2FD | Source = Application Error | ID = 1000
Description = Faulting application ppap.exe, version 2.3.0.2, faulting module vaproxyd.dll,
version 1.0.0.44, fault address 0x00022d6c.

Error - 3/5/2010 7:10:09 AM | Computer Name = DIGITAL-5DFA2FD | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/7/2010 1:12:30 AM | Computer Name = DIGITAL-5DFA2FD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00120E779048 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/7/2010 1:14:53 AM | Computer Name = DIGITAL-5DFA2FD | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 3/7/2010 2:03:34 PM | Computer Name = DIGITAL-5DFA2FD | Source = DCOM | ID = 10010
Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
with DCOM within the required timeout.

Error - 3/8/2010 1:54:40 AM | Computer Name = DIGITAL-5DFA2FD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 00120E779048 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/8/2010 1:54:46 AM | Computer Name = DIGITAL-5DFA2FD | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00120E779048. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 3/8/2010 1:57:01 AM | Computer Name = DIGITAL-5DFA2FD | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 3/8/2010 2:16:31 AM | Computer Name = DIGITAL-5DFA2FD | Source = DCOM | ID = 10010
Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
with DCOM within the required timeout.

Error - 3/8/2010 4:29:23 AM | Computer Name = DIGITAL-5DFA2FD | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 3/8/2010 5:04:21 AM | Computer Name = DIGITAL-5DFA2FD | Source = DCOM | ID = 10010
Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
with DCOM within the required timeout.

Error - 3/8/2010 12:19:42 PM | Computer Name = DIGITAL-5DFA2FD | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2


< End of report >



Hi, i have run the scan, please see above for the 2 text file. thanks alot for your help..

Edited by myrti, 08 March 2010 - 03:18 PM.
removed quote-tags


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 08 March 2010 - 03:25 PM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 13 March 2010 - 07:42 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users