
Google redirect



#1 Sunny Dee (New Member, 5 posts)
Hi,

My Google search results are being redirected when I click on them through Firefox (not IE though).

I had fixed the problem but now it is back. Malwarebytes Anti-Malware doesn't detect anything, nor does Prevx.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:40 AM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDrivePlugin.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EasyPHP 3.0\EasyPHP.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0\MySql\bin\mysqld.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.bl...re/AxLoader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9888ffbf1372) (gupdate1c9888ffbf1372) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin - Unknown owner - C:\Program Files\IDrive\IDrivePlugin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 8101 bytes


Thanks!


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello Sunny Dee

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3 Sunny Dee (Topic Starter, New Member, 5 posts)
OTL.Txt

OTL logfile created on: 7/15/2009 11:47:18 AM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Chan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 73.09% Memory free
3.31 Gb Paging File | 2.95 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.69 Gb Total Space | 30.44 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANMAC
Current User Name: Chan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\IRW.exe (Apple Inc.)
PRC - C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
PRC - C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
PRC - C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft)
PRC - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\AppleOSSMgr.exe ()
PRC - C:\WINDOWS\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
PRC - C:\Program Files\IDrive\IDrivePlugin.exe ()
PRC - C:\Program Files\IDrive\IDriveETray.exe (Pro Softnet Corp.)
PRC - C:\Program Files\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\EasyPHP 3.0\EasyPHP.exe (EasyPHP)
PRC - C:\Program Files\EasyPHP 3.0\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\EasyPHP 3.0\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
PRC - C:\Documents and Settings\Chan\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (57xx SteelVine Manager [Auto | Running]) -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AppleOSSMgr [Auto | Running]) -- C:\WINDOWS\System32\AppleOSSMgr.exe ()
SRV - (AppleTimeSrv [Auto | Running]) -- C:\WINDOWS\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9888ffbf1372 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriveE Service [Auto | Running]) -- C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (IDrivePlugin [Auto | Running]) -- C:\Program Files\IDrive\IDrivePlugin.exe ()
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VMTools [Auto | Stopped]) -- C:\Program Files\VMware\VMware Tools\VMwareService.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service [Auto | Running]) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)

========== Driver Services (SafeList) ==========

DRV - (applebt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\applebt.sys (Apple Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BthKicker [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\BthKicker.sys (Apple Inc.)
DRV - (DgiVecp [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (es1371 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (EuMusDesignVirtualAudioCableWdm_s2x [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys (Eugene V. Muzychenko)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hgfs [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\hgfs.sys (VMware, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IRRemoteFlt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IRFilter.sys (Apple Inc.)
DRV - (KeyAgent [Auto | Running]) -- C:\WINDOWS\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (KeyMagic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\KeyMagic.sys (Apple Inc.)
DRV - (MacHALDriver [Auto | Running]) -- C:\WINDOWS\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (PCnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pcntpci5.sys (AMD Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pxscan [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (pxsec [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (RimUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (UltraMonMirror [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\UltraMonMirror.sys (Realtime Soft)
DRV - (UltraMonUtility [Auto | Running]) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft)
DRV - (USBAAPL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VMMEMCTL [Auto | Running]) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmmouse [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmmouse.sys (VMware, Inc.)
DRV - (vmscsi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (vmxnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmxnet.sys (VMware, Inc.)
DRV - (vmx_svga [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmx_svga.sys (VMware, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {135CFDA1-9F10-4731-8B12-D123A4DEB976}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.29.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/12/10 18:27:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/14 10:53:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/01 16:37:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/01 16:37:14 | 00,000,000 | ---D | M]

[2008/07/12 19:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Extensions
[2008/07/12 19:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 07:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Firefox\Profiles\3fpmcklp.default\extensions
[2009/03/19 09:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Firefox\Profiles\3fpmcklp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/04/19 11:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 11:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}
[2009/04/01 10:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/14 00:17:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2008/02/04 00:10:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/04/01 10:10:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/01 10:10:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/04/01 10:10:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/11/20 17:52:00 | 02,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008/12/10 01:31:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/10 01:31:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/10 01:31:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/13 11:30:58 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/10 01:31:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/10 01:31:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/10 01:31:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IRW] C:\WINDOWS\System32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chan\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ExSearchOptions = 105433
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 21:47:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/15 11:45:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chan\Desktop\OTL.exe
[2009/07/15 11:19:08 | 00,192,506 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-march-09.pdf
[2009/07/15 11:18:56 | 00,249,521 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-april-09.pdf
[2009/07/15 11:04:39 | 00,568,203 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Phone Comparison.pptx
[2009/07/15 10:01:32 | 03,761,849 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Rim Apps(2).zip
[2009/07/14 17:10:36 | 00,685,904 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software Technical.pptx
[2009/07/14 11:30:07 | 01,182,056 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software.pptx
[2009/07/14 10:53:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/14 10:53:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Local Settings\Application Data\Temp
[2009/07/11 16:44:12 | 00,001,445 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\backButton.png
[2009/07/11 16:42:16 | 00,001,130 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\darkCancelButton.png
[2009/07/11 16:42:07 | 00,001,080 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\lightCancelButton.png
[2009/07/11 16:39:43 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\saveButton.png
[2009/07/11 16:33:10 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\._Picture 1.png
[2009/07/11 16:32:30 | 00,022,517 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Picture 1.png
[2009/07/08 12:44:42 | 12,296,5176 | ---- | C] (Research In Motion) -- C:\Documents and Settings\Chan\Desktop\BlackBerry_JDE_4.3.0.exe
[2009/07/08 10:48:50 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/08 10:48:49 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/08 10:39:49 | 87,215,737 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\4.7.1.40.simpackage.fledge_niagara.zip
[2009/07/08 10:32:44 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\._ECGs new July 08
[2009/07/07 21:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Desktop\ECGs new July 08
[2009/06/26 18:31:56 | 00,002,944 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\ParticleBlack.png
[2009/06/26 18:26:38 | 00,004,904 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\ParticleWhite.png
[2009/06/26 18:22:05 | 00,002,176 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Particle.png
[2009/06/25 10:08:43 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Shortcut to www.lnk
[2009/06/17 19:16:50 | 00,018,627 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\Software Development Process.docx
[2009/06/15 23:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Desktop\ecg guide html images
[2009/04/28 14:48:26 | 00,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/18 20:02:11 | 00,111,104 | ---- | C] () -- C:\WINDOWS\System32\Nviewlib.dll
[2009/04/18 20:02:11 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/04/18 20:02:11 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/04/18 20:02:11 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009/04/18 20:02:11 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\vcedit.dll
[2009/04/18 20:02:11 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2009/04/18 20:02:11 | 00,000,887 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2009/04/18 20:02:10 | 00,144,384 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/24 11:27:41 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/17 09:55:37 | 00,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp1ml3.dll
[2008/06/12 22:46:19 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/27 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2007/07/27 05:00:00 | 00,000,710 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/27 05:00:00 | 00,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2007/07/27 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/07/15 16:49:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/15 16:49:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 16:49:27 | 21,288,30464 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/15 11:45:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chan\Desktop\OTL.exe
[2009/07/15 11:26:16 | 00,685,904 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software Technical.pptx
[2009/07/15 11:19:08 | 00,192,506 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-march-09.pdf
[2009/07/15 11:18:56 | 00,249,521 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-april-09.pdf
[2009/07/15 11:04:39 | 00,568,203 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Phone Comparison.pptx
[2009/07/15 10:53:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/15 10:53:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/15 10:09:40 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/07/15 10:01:35 | 03,761,849 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Rim Apps(2).zip
[2009/07/15 09:54:12 | 00,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/15 09:54:12 | 00,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/15 09:54:11 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/14 17:11:13 | 01,182,056 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software.pptx
[2009/07/14 17:06:21 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 10:11:25 | 00,006,148 | ---- | M] () -- C:\.DS_Store
[2009/07/11 16:44:12 | 00,001,445 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\backButton.png
[2009/07/11 16:42:16 | 00,001,130 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\darkCancelButton.png
[2009/07/11 16:42:07 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\lightCancelButton.png
[2009/07/11 16:39:43 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\saveButton.png
[2009/07/11 16:33:10 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\._Picture 1.png
[2009/07/11 16:32:30 | 00,022,517 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Picture 1.png
[2009/07/08 12:47:50 | 12,296,5176 | ---- | M] (Research In Motion) -- C:\Documents and Settings\Chan\Desktop\BlackBerry_JDE_4.3.0.exe
[2009/07/08 10:42:03 | 87,215,737 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\4.7.1.40.simpackage.fledge_niagara.zip
[2009/07/08 10:32:47 | 00,006,148 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\.DS_Store
[2009/07/08 10:32:44 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\._ECGs new July 08
[2009/06/26 18:31:56 | 00,002,944 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\ParticleBlack.png
[2009/06/26 18:26:38 | 00,004,904 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\ParticleWhite.png
[2009/06/26 18:22:06 | 00,002,176 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Particle.png
[2009/06/25 10:08:43 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Shortcut to www.lnk
[2009/06/17 20:34:28 | 00,018,627 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\Software Development Process.docx
[2009/06/17 17:16:35 | 00,046,385 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Downloads.xlsx

========== LOP Check ==========

[2009/04/28 14:48:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/04 14:16:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/02/15 08:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/04/18 20:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/02/14 00:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/04/13 10:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/08 13:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/04/26 15:02:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/19 11:31:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Chan\Application Data
[2009/04/18 20:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\AVS4YOU
[2009/04/28 15:03:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\Azureus
[2008/04/05 09:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\MSNInstaller
[2009/03/19 10:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\Notepad++
[2009/07/14 13:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\OpenOffice.org2
[2008/10/12 10:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\Research In Motion
[2009/04/19 11:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\Softplicity
[2007/07/27 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/15 10:53:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/15 10:53:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/15 16:49:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


-------------------------------------------------

Extras.Txt

OTL Extras logfile created on: 7/15/2009 11:47:18 AM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Chan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 73.09% Memory free
3.31 Gb Paging File | 2.95 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.69 Gb Total Space | 30.44 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANMAC
Current User Name: Chan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Research In Motion\BlackBerry JDE 4.0\bin\fledge.exe:*:Enabled:fledge File not found
C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 (RealVNC Ltd.)
C:\j2sdk1.4.2_16\bin\javaw.exe:*:Enabled:javaw File not found
C:\Program Files\Java\jdk1.6.0_04\bin\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Java\jdk1.5.0_14\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\Research In Motion\BlackBerry JDE 4.0.2\bin\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Research In Motion\BlackBerry Device Simulators 4.2.2\4.2.2.163 (8310-Rogers)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry Device Simulators 4.2.1\4.2.1.96 (8100-ATT)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry JDE 4.2.0\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Java\jdk1.5.0_14\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Documents and Settings\Chan\Desktop\RIM ARCHIVE\RIM Simulators\bold\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.3.0\4.3.0.124 (8330)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.7.0\4.7.0.41 (9530)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.6.0\4.6.0.190 (9000)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry JDE 4.6.1\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Research In Motion\BlackBerry Smartphone Simulators 4.7.0\4.7.0.75 (9530-Verizon)\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Research In Motion\BlackBerry JDE 4.7.0\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe:*:Enabled:mysqld ()
C:\Documents and Settings\Chan\Desktop\niagra sim\fledge.exe:*:Enabled:BlackBerry Handheld Simulator File not found
C:\Program Files\Research In Motion\BlackBerry JDE 4.3.0\simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)
C:\Program Files\Research In Motion\BlackBerry JDE 4.3.0\niagra simulator\fledge.exe:*:Enabled:BlackBerry Handheld Simulator (Research In Motion Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{17B9371B-E0A5-4503-B3F8-227F2B71BB2D}" = BlackBerry Smartphone Simulators 4.7.0.41 (9530)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{217B6086-F978-4C99-9FF5-F0DD9B8E9FAF}" = BlackBerry Device Simulators 4.2.2.163 (8310-Rogers)
"{24133301-751A-4B52-88AB-B7495A3763E7}" = BlackBerry Java Development Environment 4.0.2
"{255050EF-7FE6-43D8-B93C-3323C3835598}" = BlackBerry JDE 4.6.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0150140}" = J2SE Development Kit 5.0 Update 14
"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java™ SE Development Kit 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CAF94-3086-4969-A1B1-43A9F5D1D677}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
"{3B410500-1802-488E-9EF1-4B11992E0440}" = VMware Tools
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4B44DABB-CF3B-46EA-8E2B-23A754D02647}" = BlackBerry Smartphone Simulators 4.6.0.190 (9000)
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{5022AA3F-26CB-4B07-AEBD-419D6DAB002B}" = 57xx SteelVine
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C65C8BB-B975-44D4-A8F5-61129CDDF4C3}" = BlackBerry Email and MDS Services Simulators 4.1.2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
"{83AC2F9F-495B-4119-ABB8-507BF0456EC9}" = BlackBerry Device Simulators 4.2.1.96 (8100-ATT)
"{87B0CC92-9E8E-42E1-85E5-49BCE3C1012C}" = BlackBerry JDE 4.3.0
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8BF340E6-1A28-47DD-913A-07E1B16E38AD}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A177EBE2-10B5-440E-80EB-6D9AFEBED650}" = BlackBerry Smartphone Simulators 4.3.0.124 (8330)
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80B8B18-D9ED-4CEC-A50F-9D390251A836}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8820 smartphone
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF2F6CF8-5A5E-3EB3-BCCC-3777D6A7A79D}" = Google Gears
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B784FE9A-B271-4A93-AD97-E0C50190AEB7}" = BlackBerry JDE 4.2.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA2898D6-6270-4B00-AA32-4E82867973CF}" = BlackBerry Smartphone Simulators 4.7.0.75 (9530-Verizon)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F508F0F9-0D16-4472-A0E3-F2A4A9C81C6F}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FA38652E-98FB-4095-9ACB-44E82C965C20}" = BlackBerry JDE 4.7.0
"059BF941BA77F24DED9444B45BB0DAA5353F86EB" = Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA" = Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB" = Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"4Musics MP3 Bitrate Changer 5.0_is1" = 4Musics MP3 Bitrate Changer 5.0
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972" = Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"850625E38080EAF5C2644C07A2510A394019973D" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE" = Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"All ATI Software" = ATI - Software Uninstall Utility
"Alt WAV MP3 WMA OGG Converter 7.2 Shareware_is1" = Alt WAV MP3 WMA OGG Converter 7.2
"ATI Display Driver" = ATI Display Driver
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Azureus Vuze" = Azureus Vuze
"BlackBerry_{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"Bridge Building Game" = Bridge Building Game
"CDMaster32" = CDMaster32
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDrive_is1" = IDrive version 2.2.0 June 12 2008
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSNINST" = MSN
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx 3.0
"PowerGREP 3" = JGsoft PowerGREP 3 DEMO 3.5.2
"PowerISO" = PowerISO
"RealVNC_is1" = VNC Free Edition 4.1.2
"Samsung ML-2240 Series" = Samsung ML-2240 Series
"Total Audio Converter_is1" = TotalAudioConverter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2009 4:33:36 PM | Computer Name = CHANMAC | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.32, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2009 1:23:22 PM | Computer Name = CHANMAC | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/18/2009 11:34:43 PM | Computer Name = CHANMAC | Source = Application Hang | ID = 1002
Description = Hanging application mp3-mp3.exe, version 5.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/18/2009 11:35:00 PM | Computer Name = CHANMAC | Source = Application Hang | ID = 1002
Description = Hanging application CDMaster32.exe, version 6.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2009 1:57:13 PM | Computer Name = CHANMAC | Source = Application Error | ID = 1000
Description = Faulting application audioenc.exe, version 2.1.69.114, faulting module
imacf.dll, version 1.1.0.1112, fault address 0x00010f80.

Error - 4/19/2009 1:59:55 PM | Computer Name = CHANMAC | Source = Application Error | ID = 1000
Description = Faulting application audioenc.exe, version 2.1.69.114, faulting module
imacf.dll, version 1.1.0.1112, fault address 0x00012577.

Error - 4/28/2009 5:53:41 PM | Computer Name = CHANMAC | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 3.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2009 12:26:53 AM | Computer Name = CHANMAC | Source = Google Update | ID = 20
Description =

Error - 4/30/2009 1:38:34 AM | Computer Name = CHANMAC | Source = Application Hang | ID = 1002
Description = Hanging application AudioConverter.exe, version 2.6.1.6, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2009 5:21:08 PM | Computer Name = CHANMAC | Source = Application Error | ID = 1000
Description = Faulting application bbdevmgr.exe, version 4.1.0.11, faulting module
bbdevmgr.exe, version 4.1.0.11, fault address 0x00001254.

[ System Events ]
Error - 7/11/2009 7:34:45 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 7/11/2009 7:34:45 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VMware Tools Service
service to connect.

Error - 7/14/2009 1:06:36 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/14/2009 1:06:36 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 7/14/2009 1:06:36 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 7/14/2009 1:06:36 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VMware Tools Service
service to connect.

Error - 7/15/2009 12:49:46 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/15/2009 12:49:46 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 7/15/2009 12:49:46 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 7/15/2009 12:49:46 PM | Computer Name = CHANMAC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VMware Tools Service
service to connect.


< End of report >


-------------------------------------------------

Results.log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 14:51:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xBA12A680]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B953B541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B953B5E7

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\000000a1 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a3 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e52eb38bc
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@imagepath \systemroot\system32\drivers\ovfsthforluqexedqoljnlfdkvraoevlhlodvb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@inst 0
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@ver icv060409
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@cid 01
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@bid 2087390783-1993962763-1450960922-682003330
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@aid 303617
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@sid 203
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main@cmddelay 28801
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\ff
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\ff@version 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\[email protected] ovfsthwi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\[email protected] ovfsthff.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@fn (null)
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@url http://212.117.188.1.../lmppcsetup.exe
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@timeout 900
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@type 0
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@count 8
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\modules
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\drivers\ovfsthforluqexedqoljnlfdkvraoevlhlodvb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\ovfsthpwqbmkgmskoqbrmoyeofcxubhcnkjrxv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\ovfsthkotarjiegogkpvuxqtwsrrmfshthkxlf.dat
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\ovfsthamfnwapiwxjdkoishpvslxsperdjesiw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\ovfsthofnypjpymtxdgpmwqsuoplwaqofgjboq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\[email protected] \systemroot\system32\ovfsthfhwbtbwwuqkdbjtjnpfvmfsaqtoposoy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e52eb38bc

---- EOF - GMER 1.0.15 ----
  • 0
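The GMER "Registry" section in the post above is the part a responder reads first: a service under `ControlSet002\Services` whose name is a long run of random lowercase letters, whose `@imagepath` points at an equally random driver name, and whose subkeys register a Firefox extension, an injector list and a download task with a `@url`. The script below, an added example and not part of the thread or of GMER, parses lines of that shape and scores each service on those indicators so the suspicious entry stands out from legitimate ones such as `BTHPORT`. The sample input is constructed from the shape of the lines above (the download host is a placeholder); the thresholds in `looks_random` are assumptions chosen for this illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample input modelled on the GMER "Registry" section in the
# post above; the host in the @url line is a placeholder, not a real address.
SAMPLE_GMER_REG = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e52eb38bc
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae@imagepath \systemroot\system32\drivers\ovfsthforluqexedqoljnlfdkvraoevlhlodvb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthjvrgwpfnxttohwwtuklyidfrfrxjibae\main\tasks\0000000004@url http://PLACEHOLDER-HOST/lmppcsetup.exe
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters@Domain example.test
"""

# "Reg <hive>\...\Services\<service>[\subkey][@value data]"
REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\\@\s]+)(?P<rest>.*)$"
)


def parse_reg_lines(text):
    """Group GMER 'Reg' lines by service name -> list of (subkey, value, data)."""
    services = defaultdict(list)
    for line in text.strip().splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        subkey, value, data = rest, "", ""
        if "@" in rest:
            # "<subkey>@<value> <data>": the value name ends at the first space
            subkey, _, tail = rest.partition("@")
            value, _, data = tail.partition(" ")
        services[m.group("svc")].append((subkey.strip("\\"), value, data.strip()))
    return services


def shannon_entropy(s):
    """Bits per character of the string's own letter distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_random(name, min_len=20):
    """Heuristic (assumed thresholds): long, all lowercase letters, high
    entropy and few vowels suggests a machine-generated name rather than a
    vendor's service or driver name."""
    if len(name) < min_len or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(name.count(v) for v in "aeiou") / len(name)
    return shannon_entropy(name) > 3.3 and vowel_ratio < 0.3


def assess_services(services):
    """Return {service: [reasons]} for every service with at least one indicator."""
    findings = {}
    for svc, entries in services.items():
        reasons = []
        if looks_random(svc):
            reasons.append("random-looking service name")
        for subkey, value, data in entries:
            leaf = subkey.split("\\")[-1]
            if value == "imagepath":
                driver = data.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if looks_random(driver):
                    reasons.append("random-looking driver file name")
            if leaf == "ff" and value == "extension":
                reasons.append("registers a Firefox extension")
            if leaf == "injector":
                reasons.append("has an injector configuration key")
            if value == "url":
                reasons.append("download task: " + data)
        if reasons:
            findings[svc] = reasons
    return findings


def triage(text):
    """Parse a GMER registry section and return the flagged services."""
    return assess_services(parse_reg_lines(text))


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_GMER_REG).items():
        print(svc)
        for r in reasons:
            print("  -", r)
```

Run stand-alone it prints only the one random-named service with its five indicators; the Bluetooth and Tcpip entries produce no output. The same indicators are what a responder confirms by hand: the driver file named in `@imagepath` and the extension directory named in `ff@extension` are exactly the paths the ComboFix log later in this thread reports as deleted.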

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
Sunny Dee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 09-07-14.08 - Chan 07/16/2009 11:48.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1547 [GMT -7:00]
Running from: c:\documents and settings\Chan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}
c:\program files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{135CFDA1-9F10-4731-8B12-D123A4DEB976}\install.rdf
C:\rapc.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\ntnet.drv
c:\windows\system32\SelfDel.bat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-15 18:49 . 2009-07-15 18:54 286208 ----a-w- C:\i4bngpmt.exe
2009-07-14 17:53 . 2009-07-14 17:53 -------- d-----w- c:\documents and settings\Chan\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 18:43 . 2008-06-13 05:46 -------- d-----w- c:\program files\IDrive
2009-07-16 18:43 . 2008-02-13 04:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-07-15 23:49 . 2008-02-13 04:43 -------- d-----w- c:\documents and settings\Chan\Application Data\VMware
2009-07-15 17:09 . 2008-10-12 17:49 256 ----a-w- c:\windows\system32\pool.bin
2009-07-14 20:09 . 2008-06-14 05:04 1 ----a-w- c:\documents and settings\Chan\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-14 20:09 . 2008-06-14 05:03 -------- d-----w- c:\documents and settings\Chan\Application Data\OpenOffice.org2
2009-07-14 17:53 . 2009-02-06 19:13 -------- d-----w- c:\program files\Google
2009-07-14 17:07 . 2009-01-28 07:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 17:07 . 2009-04-28 20:42 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 20:36 . 2009-01-28 07:25 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-28 07:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 20:03 . 2009-04-28 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-07-08 19:59 . 2008-02-14 08:10 -------- d-----w- c:\program files\Research In Motion
2009-06-14 01:15 . 2009-06-14 01:15 26694 ----a-r- c:\documents and settings\Chan\Application Data\Microsoft\Installer\{8BF340E6-1A28-47DD-913A-07E1B16E38AD}\BlackBerry.exe
2009-06-11 22:12 . 2009-06-11 22:12 26694 ----a-r- c:\documents and settings\Chan\Application Data\Microsoft\Installer\{359CAF94-3086-4969-A1B1-43A9F5D1D677}\BlackBerry.exe
2009-06-11 22:12 . 2008-04-09 00:59 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-05-01 04:39 . 2009-04-28 21:48 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-05-01 04:39 . 2009-04-28 21:48 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-05-01 04:39 . 2009-05-01 04:39 787000 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2009-04-21 21:27 . 2008-02-03 05:28 50808 ----a-w- c:\documents and settings\Chan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 21:26 . 2009-04-21 21:27 10744384 ----a-w- c:\windows\Fonts\wts47.ttf
2009-04-17 19:09 . 2009-04-17 19:10 8456040 ----a-w- c:\windows\Fonts\wt021.ttf
2009-04-17 19:04 . 2009-04-17 19:06 3621492 ----a-w- c:\windows\Fonts\wtcc15.ttf
2009-04-01 17:10 . 2008-07-13 02:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-05-16 87504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="c:\windows\system32\IRW.exe" [2007-10-09 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2007-10-09 419120]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2008-01-17 117296]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-01-17 375344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2008-01-22 1761280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2007-07-27 110592]

c:\documents and settings\Chan\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-6-12 153040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExSearchOptions"= 105433 (0x19bd9)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_14\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.0.2\\bin\\fledge.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Device Simulators 4.2.2\\4.2.2.163 (8310-Rogers)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Device Simulators 4.2.1\\4.2.1.96 (8100-ATT)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.2.0\\simulator\\fledge.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_14\\bin\\java.exe"=
"c:\\Documents and Settings\\Chan\\Desktop\\RIM ARCHIVE\\RIM Simulators\\bold\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.3.0\\4.3.0.124 (8330)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.41 (9530)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.6.0\\4.6.0.190 (9000)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.6.1\\simulator\\fledge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.75 (9530-Verizon)\\fledge.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.7.0\\simulator\\fledge.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.3.0\\simulator\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry JDE 4.3.0\\niagra simulator\\fledge.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [4/28/2009 2:48 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [4/28/2009 2:48 PM 27656]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2/12/2008 6:29 PM 17968]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [1/22/2008 12:28 PM 1310720]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [10/8/2007 11:04 PM 140592]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [10/8/2007 11:05 PM 99632]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [4/28/2009 2:48 PM 4368952]
R2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2/12/2008 6:29 PM 103088]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [6/12/2008 10:46 PM 128464]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDrivePlugin.exe [6/12/2008 10:46 PM 189904]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [10/8/2007 9:56 PM 4864]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [10/8/2007 9:56 PM 6528]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R2 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [1/16/2008 9:03 PM 15408]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [1/16/2008 9:03 PM 182832]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [2/2/2008 10:02 PM 8064]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [4/18/2009 8:24 PM 42880]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2/2/2008 10:05 PM 16512]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S2 gupdate1c9888ffbf1372;Google Update Service (gupdate1c9888ffbf1372);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 12:13 PM 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [1/16/2008 9:03 PM 272944]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/18/2009 7:41 PM 16512]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [2/2/2008 10:04 PM 7424]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2/2/2008 10:05 PM 17920]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2/12/2008 6:29 PM 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2/4/2008 1:05 AM 62768]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2/12/2008 6:29 PM 36016]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 19:13]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 19:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Chan\Application Data\Mozilla\Firefox\Profiles\3fpmcklp.default\
FF - component: c:\documents and settings\Chan\Application Data\Mozilla\Firefox\Profiles\3fpmcklp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 11:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-16 11:54
ComboFix-quarantined-files.txt 2009-07-16 18:54

Pre-Run: 32,577,421,312 bytes free
Post-Run: 32,924,311,552 bytes free

174

#6 kahdah (GeekU Teacher, Retired Staff)
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Follow up scan=================================
  • Double-click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


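The MBAM report kahdah asks for has a fixed layout: summary counts per category, then one block per category with detections written as `item (Name) -> action.` The parser below is an added example for triaging such a paste; it is not part of this thread, of the Geeks to Go procedure, or of Malwarebytes' own software. The first sample reproduces the two detections posted in reply #7; the second is constructed to show a paste that was cut short and an entry MBAM could only schedule for deletion on reboot. The count cross-check and the restore-point flag are this example's own additions, not checks MBAM performs.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x report.
# The two detections are the ones posted in reply #7; the rest is the report's
# own boilerplate, trimmed for length.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2452
Scan type: Full Scan (C:\|)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{88a7c547-5494-49dc-ac4c-59709be2d1f0}\RP3\A0000253.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# Constructed: the same report pasted with one detail line missing and with
# the action MBAM reports when it has to finish the removal after a reboot.
TRUNCATED_LOG = r"""Malwarebytes' Anti-Malware 1.39
Files Infected: 2

Files Infected:
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Delete on reboot.
"""

COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# item (DetectionName) -> action.  The item may contain spaces and parentheses,
# so the greedy match binds the name to the last "(...)" before the arrow.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, detections_by_category) for a pasted report."""
    counts, detections, current = {}, OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary section, e.g. "Files Infected: 2"
            counts[m.group("category")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:  # start of a detail block, e.g. "Files Infected:"
            current = m.group("category")
            detections.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections[current].append({"item": m.group("item"),
                                        "name": m.group("name"),
                                        "action": m.group("action")})
    return counts, detections


def triage(counts, detections):
    """Flag what a helper reading the report would want to look at next."""
    report = {"count_mismatch": [], "not_removed": [], "restore_point": []}
    # A summary count that disagrees with its detail block usually means the
    # paste was cut short or edited, so the report cannot be trusted as complete.
    for category, expected in counts.items():
        found = len(detections.get(category, []))
        if found != expected:
            report["count_mismatch"].append((category, expected, found))
    for items in detections.values():
        for d in items:
            # Anything not quarantined on the spot still needs the reboot MBAM
            # asked for before the machine can be called clean.
            if not d["action"].startswith("Quarantined"):
                report["not_removed"].append(d["item"])
            # A hit under System Volume Information is a System Restore copy;
            # worth noting so restore points are flushed once the system is clean.
            if "system volume information" in d["item"].lower():
                report["restore_point"].append(d["item"])
    return report


if __name__ == "__main__":
    for label, log in (("posted report", SAMPLE_MBAM_LOG), ("cut-short paste", TRUNCATED_LOG)):
        print(label, triage(*parse_mbam_log(log)))
```

Run it on a saved report with `parse_mbam_log(open(path).read())`; the count cross-check is the quickest way to tell that a log pasted into a reply is the whole log and not the first screenful.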
#7 Sunny Dee (Topic Starter)
MBAM

Malwarebytes' Anti-Malware 1.39
Database version: 2452
Windows 5.1.2600 Service Pack 2

7/17/2009 10:37:55 PM
mbam-log-2009-07-17 (22-37-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 223738
Time elapsed: 32 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{88a7c547-5494-49dc-ac4c-59709be2d1f0}\RP3\A0000253.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


----------------------------------


OTL

OTL logfile created on: 7/17/2009 10:41:40 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Chan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.69% Memory free
3.31 Gb Paging File | 3.04 Gb Available in Paging File | 91.79% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.69 Gb Total Space | 29.44 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANMAC
Current User Name: Chan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\IRW.exe (Apple Inc.)
PRC - C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
PRC - C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft)
PRC - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\AppleOSSMgr.exe ()
PRC - C:\WINDOWS\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
PRC - C:\Program Files\IDrive\IDrivePlugin.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\IDrive\IDriveETray.exe (Pro Softnet Corp.)
PRC - C:\Program Files\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Documents and Settings\Chan\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (57xx SteelVine Manager [Auto | Running]) -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AppleOSSMgr [Auto | Running]) -- C:\WINDOWS\System32\AppleOSSMgr.exe ()
SRV - (AppleTimeSrv [Auto | Running]) -- C:\WINDOWS\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9888ffbf1372 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriveE Service [Auto | Running]) -- C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (IDrivePlugin [Auto | Running]) -- C:\Program Files\IDrive\IDrivePlugin.exe ()
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VMTools [Auto | Stopped]) -- C:\Program Files\VMware\VMware Tools\VMwareService.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service [Auto | Running]) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)

========== Driver Services (SafeList) ==========

DRV - (applebt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\applebt.sys (Apple Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BthKicker [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\BthKicker.sys (Apple Inc.)
DRV - (DgiVecp [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (es1371 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (EuMusDesignVirtualAudioCableWdm_s2x [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys (Eugene V. Muzychenko)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hgfs [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\hgfs.sys (VMware, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IRRemoteFlt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IRFilter.sys (Apple Inc.)
DRV - (KeyAgent [Auto | Running]) -- C:\WINDOWS\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (KeyMagic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\KeyMagic.sys (Apple Inc.)
DRV - (MacHALDriver [Auto | Running]) -- C:\WINDOWS\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (PCnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pcntpci5.sys (AMD Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pxscan [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (pxsec [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (UltraMonMirror [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\UltraMonMirror.sys (Realtime Soft)
DRV - (UltraMonUtility [Auto | Running]) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VMMEMCTL [Auto | Running]) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmmouse [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmmouse.sys (VMware, Inc.)
DRV - (vmscsi [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (vmxnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmxnet.sys (VMware, Inc.)
DRV - (vmx_svga [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vmx_svga.sys (VMware, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.29.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/12/10 18:27:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/17 20:55:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/01 16:37:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/01 16:37:14 | 00,000,000 | ---D | M]

[2008/07/12 19:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Extensions
[2008/07/12 19:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 07:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Firefox\Profiles\3fpmcklp.default\extensions
[2009/03/19 09:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chan\Application Data\mozilla\Firefox\Profiles\3fpmcklp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/16 20:49:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/01 10:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/14 00:17:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2008/02/04 00:10:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/04/01 10:10:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/01 10:10:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/04/01 10:10:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/02/04 14:15:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/11/20 17:52:00 | 02,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008/12/10 01:31:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/10 01:31:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/10 01:31:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/13 11:30:58 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/10 01:31:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/10 01:31:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/10 01:31:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IRW] C:\WINDOWS\System32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chan\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ExSearchOptions = 105433
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 21:47:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/07/17 14:38:25 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/07/17 14:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/07/17 14:36:31 | 00,234,045 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\TrekBuddy-54788.jar
[2009/07/17 14:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Desktop\BBM_4.6.1
[2009/07/17 14:17:08 | 01,175,166 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\BBM_4.6.1.zip
[2009/07/16 21:07:41 | 00,183,200 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\CardioDownloads.jpg
[2009/07/16 21:07:16 | 00,177,061 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\NephDownloads.jpg
[2009/07/16 21:07:01 | 00,142,839 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\GIDownloads.jpg
[2009/07/16 21:06:45 | 00,170,213 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\HemeDownloads.jpg
[2009/07/16 21:06:31 | 00,119,893 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\pregDownloads.jpg
[2009/07/16 21:06:16 | 00,160,700 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\ecgDownloads.jpg
[2009/07/16 11:54:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/16 11:53:27 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/16 11:53:27 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/16 11:53:27 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/16 11:53:27 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/16 11:53:27 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/16 11:53:27 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/16 11:53:27 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/16 11:53:27 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/16 11:53:27 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/16 11:53:27 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/16 11:53:27 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/16 11:53:27 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/16 11:53:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/16 11:53:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/16 11:53:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/16 11:53:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/16 11:53:27 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/16 11:53:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/16 11:53:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/16 11:53:27 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/16 11:53:27 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/16 11:53:27 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/16 11:53:27 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/16 11:53:27 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/16 11:53:26 | 02,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/16 11:53:26 | 02,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/16 11:53:26 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/16 11:53:26 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/16 11:53:26 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/16 11:53:26 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/16 11:53:26 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/16 11:53:26 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/16 11:53:26 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/16 11:53:26 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/16 11:53:26 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/16 11:53:26 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/16 11:53:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/16 11:48:25 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/16 11:46:53 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/16 11:46:52 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/16 11:46:49 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/07/16 11:45:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/16 11:45:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/16 11:45:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/16 11:45:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/16 11:45:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/16 11:45:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/16 11:45:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/16 11:45:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/16 11:45:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/16 11:45:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/16 11:45:15 | 03,137,363 | R--- | C] () -- C:\Documents and Settings\Chan\Desktop\ComboFix.exe
[2009/07/15 15:47:29 | 00,137,379 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\downloads.jpg
[2009/07/15 11:49:05 | 00,286,208 | ---- | C] () -- C:\i4bngpmt.exe
[2009/07/15 11:45:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chan\Desktop\OTL.exe
[2009/07/15 11:19:08 | 00,192,506 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-march-09.pdf
[2009/07/15 11:18:56 | 00,249,521 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-april-09.pdf
[2009/07/15 11:04:39 | 00,568,203 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Phone Comparison.pptx
[2009/07/15 10:01:32 | 03,761,849 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Rim Apps(2).zip
[2009/07/14 17:10:36 | 00,676,979 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software Technical.pptx
[2009/07/14 11:30:07 | 04,115,114 | ---- | C] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software.pptx
[2009/07/14 10:53:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/14 10:53:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Local Settings\Application Data\Temp
[2009/07/11 16:44:12 | 00,001,445 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\backButton.png
[2009/07/11 16:42:16 | 00,001,130 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\darkCancelButton.png
[2009/07/11 16:42:07 | 00,001,080 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\lightCancelButton.png
[2009/07/11 16:39:43 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\saveButton.png
[2009/07/11 16:33:10 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\._Picture 1.png
[2009/07/11 16:32:30 | 00,022,517 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Picture 1.png
[2009/07/08 12:44:42 | 12,296,5176 | ---- | C] (Research In Motion) -- C:\Documents and Settings\Chan\Desktop\BlackBerry_JDE_4.3.0.exe
[2009/07/08 10:48:50 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/08 10:48:49 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/08 10:39:49 | 87,215,737 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\4.7.1.40.simpackage.fledge_niagara.zip
[2009/07/08 10:32:44 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\._ECGs new July 08
[2009/07/07 21:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chan\Desktop\ECGs new July 08
[2009/06/26 18:31:56 | 00,002,944 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\ParticleBlack.png
[2009/06/26 18:26:38 | 00,004,904 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\ParticleWhite.png
[2009/06/26 18:22:05 | 00,002,176 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Particle.png
[2009/06/25 10:08:43 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\Chan\Desktop\Shortcut to www.lnk
[2009/04/28 14:48:26 | 00,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/18 20:02:11 | 00,111,104 | ---- | C] () -- C:\WINDOWS\System32\Nviewlib.dll
[2009/04/18 20:02:11 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/04/18 20:02:11 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/04/18 20:02:11 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009/04/18 20:02:11 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\vcedit.dll
[2009/04/18 20:02:11 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2009/04/18 20:02:11 | 00,000,887 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2009/04/18 20:02:10 | 00,144,384 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/24 11:27:41 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/17 09:55:37 | 00,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp1ml3.dll
[2008/06/12 22:46:19 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/27 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2007/07/27 05:00:00 | 00,000,710 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/27 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/07/17 22:39:35 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/17 22:39:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/17 22:39:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/17 22:39:29 | 21,288,30464 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/17 21:53:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/17 14:52:24 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/07/17 14:38:25 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/07/17 14:36:33 | 00,234,045 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\TrekBuddy-54788.jar
[2009/07/17 14:17:15 | 01,175,166 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\BBM_4.6.1.zip
[2009/07/17 14:06:25 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/17 14:06:25 | 00,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/17 14:06:25 | 00,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/17 10:56:51 | 04,115,114 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software.pptx
[2009/07/16 21:07:41 | 00,183,200 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\CardioDownloads.jpg
[2009/07/16 21:07:16 | 00,177,061 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\NephDownloads.jpg
[2009/07/16 21:07:01 | 00,142,839 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\GIDownloads.jpg
[2009/07/16 21:06:45 | 00,170,213 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\HemeDownloads.jpg
[2009/07/16 21:06:31 | 00,119,893 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\pregDownloads.jpg
[2009/07/16 21:06:16 | 00,160,700 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\ecgDownloads.jpg
[2009/07/16 21:05:35 | 00,050,739 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Downloads.xlsx
[2009/07/16 18:43:10 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 11:53:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/16 11:46:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/16 11:45:28 | 03,137,363 | R--- | M] () -- C:\Documents and Settings\Chan\Desktop\ComboFix.exe
[2009/07/15 15:52:45 | 00,676,979 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Medical Software Technical.pptx
[2009/07/15 15:47:29 | 00,137,379 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\downloads.jpg
[2009/07/15 11:54:41 | 00,286,208 | ---- | M] () -- C:\i4bngpmt.exe
[2009/07/15 11:45:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chan\Desktop\OTL.exe
[2009/07/15 11:19:08 | 00,192,506 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-march-09.pdf
[2009/07/15 11:18:56 | 00,249,521 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\admob-mobile-metrics-april-09.pdf
[2009/07/15 11:04:39 | 00,568,203 | ---- | M] () -- C:\Documents and Settings\Chan\My Documents\QxMD Phone Comparison.pptx
[2009/07/15 10:01:35 | 03,761,849 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Rim Apps(2).zip
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 10:11:25 | 00,006,148 | ---- | M] () -- C:\.DS_Store
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/11 16:44:12 | 00,001,445 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\backButton.png
[2009/07/11 16:42:16 | 00,001,130 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\darkCancelButton.png
[2009/07/11 16:42:07 | 00,001,080 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\lightCancelButton.png
[2009/07/11 16:39:43 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\saveButton.png
[2009/07/11 16:33:10 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\._Picture 1.png
[2009/07/11 16:32:30 | 00,022,517 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Picture 1.png
[2009/07/08 12:47:50 | 12,296,5176 | ---- | M] (Research In Motion) -- C:\Documents and Settings\Chan\Desktop\BlackBerry_JDE_4.3.0.exe
[2009/07/08 10:42:03 | 87,215,737 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\4.7.1.40.simpackage.fledge_niagara.zip
[2009/07/08 10:32:47 | 00,006,148 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\.DS_Store
[2009/07/08 10:32:44 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\._ECGs new July 08
[2009/06/26 18:31:56 | 00,002,944 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\ParticleBlack.png
[2009/06/26 18:26:38 | 00,004,904 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\ParticleWhite.png
[2009/06/26 18:22:06 | 00,002,176 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Particle.png
[2009/06/25 10:08:43 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\Chan\Desktop\Shortcut to www.lnk
< End of report >
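The helper's verdict on the log above stands; what follows is an added triage example, not part of the original thread and not OTL's or the helper's own code. It parses the line types that a search-redirect infection most often touches (O17 DhcpNameServer, O20 Winlogon Shell/UserInit/UIHost, O27 IFEO Debugger values, and the "Created Within 30 Days" file entries) and returns the lines a human should eyeball, with a one-line reason. The expected Winlogon targets, the IFEO placeholder allowlist and the "RFC 1918 DNS only" rule are assumptions for a stock XP box behind a home router; the sample input is a subset of lines copied from the log posted above, plus a clearly marked constructed set using a hypothetical example.exe to show what a hit looks like.

```python
import ipaddress
import re
from dataclasses import dataclass

# Expected Winlogon targets on a stock Windows XP install (assumption; compare
# against a known-good machine of the same build if in doubt).
EXPECTED_WINLOGON = {
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
    "UIHost": r"c:\windows\system32\logonui.exe",
}
# IFEO placeholder key created by Debugging Tools for Windows; every other
# image with a Debugger value is reported (assumption: no other legitimate
# debugger registrations on the box).
KNOWN_IFEO = {"Your Image File Name Here without a path"}
# A home router hands out its own RFC 1918 address as DNS; anything else is
# worth a question (DNS changers are a classic cause of search redirects).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

O17_RE = re.compile(r"^O17 - .*?: DhcpNameServer = (\S+)")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - (.+?)(?: \((.*)\))?$")
O27_RE = re.compile(r"^O27 - HKLM IFEO\\(.+?): Debugger - (.+?)(?: \((.*)\))?$")
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
SYSTEM_AREA_RE = re.compile(r"^[a-z]:\\(windows\\|[^\\]+$)")  # drive root or %WINDIR%


@dataclass
class Finding:
    kind: str    # dns | winlogon | ifeo | file
    detail: str
    line: str


def _is_rfc1918(server: str) -> bool:
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def triage(lines):
    """Return the OTL lines a human should look at, with a one-line reason each."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        if m := O17_RE.match(line):
            for server in m.group(1).split(","):
                if not _is_rfc1918(server):
                    findings.append(Finding("dns", f"DhcpNameServer {server} is not an RFC 1918 address", line))
        elif m := O20_RE.match(line):
            value, _, resolved, company = m.groups()
            expected = EXPECTED_WINLOGON.get(value)
            if expected is None:
                continue  # VMApplet and friends are not hijack targets we check here
            if resolved.lower() != expected:
                findings.append(Finding("winlogon", f"{value} resolves to {resolved}, expected {expected}", line))
            elif company != "Microsoft Corporation":
                findings.append(Finding("winlogon", f"{value} target lacks Microsoft version info", line))
        elif m := O27_RE.match(line):
            image, debugger, _ = m.groups()
            if image not in KNOWN_IFEO:
                findings.append(Finding("ifeo", f"{image} is started under debugger {debugger}", line))
        elif m := FILE_RE.match(line):
            _, _, attrs, _, company, path = m.groups()
            low = path.lower()
            if "D" in attrs or not low.endswith(EXECUTABLE_EXT):
                continue  # directories and data files are out of scope here
            if SYSTEM_AREA_RE.match(low) and not company:
                findings.append(Finding("file", f"executable without version info in system area: {path}", line))
    return findings


# Subset of lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
[2009/07/16 11:48:25 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/16 11:45:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 11:49:05 | 00,286,208 | ---- | C] () -- C:\i4bngpmt.exe
[2009/07/15 11:45:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chan\Desktop\OTL.exe
"""

# Constructed lines (not from any real log) showing what a DNS changer, a
# Winlogon hijack and an IFEO hijack look like in the same format.
# example.exe is a hypothetical name.
CONSTRUCTED_HIJACK = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.5
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\example.exe) - C:\WINDOWS\System32\example.exe ()
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\example.exe ()
"""


def triage_sample():
    return triage(SAMPLE_LOG.strip().splitlines())


def triage_constructed():
    return triage(CONSTRUCTED_HIJACK.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample() + triage_constructed():
        print(f"[{f.kind}] {f.detail}")
```

On the posted subset the only hits are the two "file" findings (PEV.exe, a ComboFix helper, and the random-named executable in the drive root), which is exactly the kind of candidate list a helper then clears by hand; the script reports, it does not convict. The constructed set produces one finding of each other kind.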

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Looks good, how are things running?

#9 Sunny Dee (Topic Starter, New Member, 5 posts)
So far so good. Just got back into town, so I'll give it a test drive and let you know...

Thanks a lot!

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)
Let me know and we will wrap it up.