Possible Trojan



#1
reyer

Hello, hoping I am able to get help here. I tried to clear a trojan with Norton 360 last night but forgot the exact name of the w32.**
Now I cannot get access to Norton, MSN or Outlook; however, I can surf the net. Hoping for some help here. Thanks.

My HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:54 PM, on 2009-10-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\ATKGFNEX\GFNEXSrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\ifxspmgt.exe
D:\WINDOWS\system32\ifxtcs.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\ASUS\Splendid\ACMON.exe
D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
D:\Program Files\ATKOSD2\ATKOSD2.exe
D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\ATK Hotkey\Hcontrol.exe
D:\WINDOWS\system32\ACEngSvr.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\IfxPsdSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ATK Hotkey\ATKOSD.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\ATK Hotkey\KBFiltr.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\Documents and Settings\junlong.tan.2008\Application Data\Dropbox\bin\Dropbox.exe
D:\Program Files\ATK Hotkey\WDC.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\WINDOWS\system32\rundll32.exe
D:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] "D:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Power_Gear] D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKOSD2] "D:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "D:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = D:\Documents and Settings\junlong.tan.2008\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: ObjectDock Plus.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\verudium\verudium usb network server\npw\npwprint.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...com/dlmanager/v ... .2.4.2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...n.com/Messenger ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...der.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary*reyer ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...n.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = student.smu.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - D:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca30aa80f8cfa6) (gupdate1ca30aa80f8cfa6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - D:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - D:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL41 - Unknown owner - D:\Program.exe (file missing)
O23 - Service: NPWService - Unknown owner - D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - D:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13829 bytes


#2
reyer

OTL logfile created on: 2009-10-27 2:23:30 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = D:\Documents and Settings\junlong.tan.2008\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 98.05% Memory free
4.00 Gb Paging File | 3.91 Gb Available in Paging File | 97.75% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 40.00 Gb Total Space | 26.34 Gb Free Space | 65.84% Space Free | Partition Type: NTFS
Drive D: | 70.01 Gb Total Space | 6.26 Gb Free Space | 8.94% Space Free | Partition Type: NTFS
Drive E: | 122.87 Gb Total Space | 11.82 Gb Free Space | 9.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.68 Gb Total Space | 0.58 Gb Free Space | 15.74% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUNLONGTAN2008
Current User Name: junlong.tan.2008
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-10-27 02:22:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\OTL.exe
PRC - [2009-09-11 00:08:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-08 21:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-09-08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-08-28 11:27:42 | 26,784,939 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009-08-06 17:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009-07-26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-14 02:51:28 | 06,591,104 | ---- | M] () -- D:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
PRC - [2009-05-29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-05-21 14:01:02 | 17,881,600 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RTHDCPL.EXE
PRC - [2009-04-16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- D:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-03-16 18:47:48 | 00,077,360 | R--- | M] (Skype Technologies) -- D:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-03-11 05:22:16 | 03,581,680 | ---- | M] (Stardock) -- D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009-02-06 18:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-02-06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-10-21 10:41:04 | 00,462,848 | ---- | M] () -- D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe
PRC - [2008-07-26 08:48:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe
PRC - [2008-04-14 10:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2008-01-29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007-11-16 12:42:24 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-09-25 16:10:50 | 02,007,088 | ---- | M] (FlashGet.com) -- D:\Program Files\FlashGet\FlashGet.exe
PRC - [2007-08-08 00:08:40 | 00,094,208 | ---- | M] () -- D:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007-07-03 10:48:02 | 07,708,672 | ---- | M] () -- D:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007-06-29 15:44:06 | 00,225,280 | ---- | M] () -- D:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007-06-28 17:40:12 | 00,090,112 | ---- | M] () -- D:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007-06-26 16:23:38 | 00,851,968 | ---- | M] (ATK) -- D:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007-05-23 16:56:14 | 02,420,736 | ---- | M] () -- D:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007-05-22 16:57:26 | 02,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007-04-26 14:53:38 | 00,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2007-04-17 13:39:42 | 00,077,824 | ---- | M] () -- D:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007-03-04 11:29:34 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\ifxspmgt.exe
PRC - [2007-02-28 22:32:30 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\IfxPsdSv.exe
PRC - [2007-02-28 22:12:50 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\ifxtcs.exe
PRC - [2007-02-27 20:21:08 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007-02-25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007-01-10 01:29:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006-07-26 18:01:06 | 00,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006-01-23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005-07-06 15:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- D:\WINDOWS\System32\ACEngSvr.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-09-09 01:33:34 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca30aa80f8cfa6 [Auto | Stopped])
SRV - [2009-09-09 01:32:33 | 00,194,032 | ---- | M] (Google) -- D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009-09-08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-07-14 02:51:28 | 06,591,104 | ---- | M] () -- D:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL41 [Auto | Running])
SRV - [2009-05-29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009-03-10 22:29:59 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008-10-21 10:41:04 | 00,462,848 | ---- | M] () -- D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe -- (NPWService [Auto | Running])
SRV - [2008-08-07 21:42:12 | 01,251,720 | ---- | M] () -- D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-26 08:48:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-07-18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- D:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008-07-18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- D:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008-04-14 10:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-01-29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2007-09-12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007-08-08 00:08:40 | 00,094,208 | ---- | M] () -- D:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv [Auto | Running])
SRV - [2007-03-04 11:29:34 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\ifxspmgt.exe -- (IFXSpMgtSrv [Auto | Running])
SRV - [2007-02-28 22:32:30 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\IfxPsdSv.exe -- (PersonalSecureDriveService [Auto | Running])
SRV - [2007-02-28 22:12:50 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- D:\WINDOWS\System32\ifxtcs.exe -- (IFXTCS [Auto | Running])
SRV - [2007-02-25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2007-01-12 23:10:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2007-01-10 01:29:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2007-01-10 01:29:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007-01-10 01:29:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2007-01-10 01:29:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009-10-27 02:22:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\OTL.exe
MOD - [2008-07-22 10:53:50 | 00,530,004 | ---- | M] (Stardock Corporation) -- D:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2008-04-26 16:14:24 | 00,028,740 | ---- | M] (Stardock.Net, Inc) -- D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
MOD - [2008-04-26 16:14:22 | 00,042,672 | ---- | M] (Stardock.Net, Inc) -- D:\WINDOWS\System32\wbsys.dll
MOD - [2008-04-14 10:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007-05-19 00:13:08 | 00,053,329 | ---- | M] (www.flashget.com) -- D:\Program Files\FlashGet\fgmgr.dll
MOD - [2007-04-24 15:22:12 | 00,112,400 | ---- | M] () -- D:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2004-08-04 20:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\serwvdrv.dll
MOD - [2004-08-04 20:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\umdmxfrm.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 29 47 57 AB 1D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 03:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-10 13:16:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009-10-25 02:04:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009-10-26 18:52:44 | 00,000,000 | ---D | M]

[2009-02-10 11:16:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Extensions
[2009-02-10 11:16:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-27 01:40:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions
[2009-10-26 18:53:19 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009-06-06 22:54:57 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009-08-18 00:13:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009-10-26 18:53:19 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009-08-18 00:13:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-10-26 21:32:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\mozilla\Firefox\Profiles\l5l3eztb.default\extensions\[email protected]
[2009-10-27 01:00:10 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009-09-11 00:08:46 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-23 19:27:54 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-02-10 13:16:40 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-06-01 17:58:43 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-08-17 22:15:50 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-09-11 00:08:44 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-11 00:08:44 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-09-11 00:08:45 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-09-11 03:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009-09-27 12:57:51 | 00,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008-09-11 03:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-08-17 01:19:46 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-08-17 01:19:46 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-08-17 01:19:46 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-08-17 01:19:46 | 00,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-08-17 01:19:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-08-17 01:19:46 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-08-17 01:19:46 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACMON] D:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKHOTKEY] D:\Program Files\ATK Hotkey\Hcontrol.exe ()
O4 - HKLM..\Run: [ATKOSD2] D:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Power_Gear] D:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] D:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ObjectDock Plus.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: D:\Documents and Settings\junlong.tan.2008\Start Menu\Programs\Startup\Dropbox.lnk = D:\Documents and Settings\junlong.tan.2008\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWprint.dll (Elite Silicon Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: edu.sg ([*.smu] * in Local intranet)
O15 - HKCU\..Trusted Domains: edu.sg ([*.smuconnect] * in Local intranet)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.58 202.156.1.48 218.186.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\WINDOWS\system32\wbsys.dll) - D:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - D:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - D:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 05:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009-10-26 18:52:36 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Real
[2009-10-26 18:52:36 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Real
[2009-10-26 18:52:36 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\Real
[2009-10-20 12:26:30 | 00,000,000 | ---D | C] -- D:\Program Files\Heroes of Newerth
[2009-10-26 18:52:34 | 00,000,000 | ---D | C] -- D:\Program Files\iPhone Tunnel Suite 2.7 BETA
[2009-10-27 02:23:59 | 00,472,064 | ---- | C] ( ) -- D:\Documents and Settings\junlong.tan.2008\Desktop\RootRepeal.exe
[2009-10-27 02:22:39 | 00,521,728 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\OTL.exe
[2009-10-27 00:25:11 | 00,000,000 | ---D | C] -- D:\SDFix
[2009-10-27 00:22:26 | 00,271,872 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\TFC.exe
[2009-10-26 21:30:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\BDOSCAN8
[2009-10-26 20:36:52 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2009-10-26 20:36:52 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2009-10-26 20:36:52 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2009-10-26 20:36:52 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009-10-26 20:35:16 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2009-10-26 20:34:31 | 00,000,000 | ---D | C] -- D:\Qoobox
[2009-10-26 18:52:44 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Desktop\SE Project
[2009-10-26 18:52:44 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Desktop\New Folder (2)
[2009-10-26 18:52:23 | 00,000,000 | ---D | C] -- D:\Config.Msi
[2009-10-25 02:25:16 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\My Documents\eXtreme Movie Manager 7
[2009-10-25 02:04:39 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- D:\WINDOWS\System32\divxa32.acm
[2009-10-25 02:04:39 | 00,118,784 | ---- | C] (fccHandler) -- D:\WINDOWS\System32\ac3acm.acm
[2009-10-20 19:48:41 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Desktop\Comms
[2009-10-20 18:28:47 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\Desktop\Photoshop Brushes
[2009-10-20 12:27:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\junlong.tan.2008\My Documents\Heroes of Newerth
[2009-03-12 01:06:57 | 00,168,192 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\GenHC.sys
[2008-11-25 16:57:48 | 00,027,136 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\GenBus.sys
[2008-08-08 04:19:21 | 00,005,632 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\kbfiltr.sys

========== Files - Modified Within 14 Days ==========

[2009-10-27 02:24:17 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\settings.dat
[2009-10-27 02:24:01 | 00,472,064 | ---- | M] ( ) -- D:\Documents and Settings\junlong.tan.2008\Desktop\RootRepeal.exe
[2009-10-27 02:22:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\OTL.exe
[2009-10-27 02:11:00 | 00,001,022 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-35043UA.job
[2009-10-27 01:41:00 | 00,000,906 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-27 01:41:00 | 00,000,902 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-27 01:23:14 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Win32kDiag.exe
[2009-10-27 01:14:32 | 00,000,669 | ---- | M] () -- D:\WINDOWS\win.ini
[2009-10-27 01:14:32 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009-10-27 00:58:17 | 00,195,241 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009-10-27 00:46:50 | 00,002,262 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009-10-27 00:46:38 | 00,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2009-10-27 00:46:14 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009-10-27 00:46:12 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009-10-27 00:46:08 | 32,204,26752 | -HS- | M] () -- D:\hiberfil.sys
[2009-10-27 00:41:34 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2009-10-27 00:22:28 | 00,271,872 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\junlong.tan.2008\Desktop\TFC.exe
[2009-10-27 00:22:12 | 01,529,241 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\SDFix.exe
[2009-10-26 23:17:34 | 02,716,271 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\lastlove261009.zip
[2009-10-26 20:33:37 | 03,436,986 | R--- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\ComboFix.exe
[2009-10-26 20:09:55 | 00,147,456 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\catchme.exe
[2009-10-26 19:17:49 | 00,001,590 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Heroes of Newerth.lnk
[2009-10-26 11:11:02 | 00,000,970 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-35043Core.job
[2009-10-25 20:08:39 | 00,240,247 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Project v8.xlsm
[2009-10-25 17:31:14 | 00,229,338 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Project v6.xlsm
[2009-10-25 16:34:12 | 00,203,065 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Seo Heng.xlsm
[2009-10-25 15:24:13 | 00,220,297 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Copy of combined.xlsm
[2009-10-25 12:00:02 | 00,000,314 | ---- | M] () -- D:\WINDOWS\tasks\Security Platform Backup Schedule.job
[2009-10-25 06:11:34 | 00,077,312 | ---- | M] () -- D:\WINDOWS\MBR.exe
[2009-10-23 18:20:42 | 00,194,126 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\My file.xlsm
[2009-10-23 18:20:38 | 00,032,751 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Book1.xlsm
[2009-10-20 23:10:42 | 00,010,544 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\Good afternoon ladies and gentlemen.docx
[2009-10-20 22:37:03 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-10-19 22:38:54 | 00,011,311 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\Book1.xlsx
[2009-10-19 18:06:53 | 00,000,025 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2009-10-19 18:05:10 | 00,043,520 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-19 03:08:10 | 00,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2009-10-15 20:21:20 | 00,009,829 | ---- | M] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\lala.xlsx
[2009-10-15 03:09:54 | 00,522,480 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-15 03:09:54 | 00,456,872 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009-10-15 03:09:54 | 00,075,612 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

========== Files - No Company Name ==========
[2009-10-27 01:23:14 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Win32kDiag.exe
[2009-10-27 00:46:08 | 32,204,26752 | -HS- | C] () -- D:\hiberfil.sys
[2009-10-27 00:20:49 | 01,529,241 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\SDFix.exe
[2009-10-26 23:17:30 | 02,716,271 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\lastlove261009.zip
[2009-10-26 20:36:52 | 00,236,544 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2009-10-26 20:36:52 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2009-10-26 20:36:52 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2009-10-26 20:36:52 | 00,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2009-10-26 20:36:52 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2009-10-26 20:33:05 | 03,436,986 | R--- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\ComboFix.exe
[2009-10-26 20:09:53 | 00,147,456 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\catchme.exe
[2009-10-26 19:17:49 | 00,001,590 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Heroes of Newerth.lnk
[2009-10-25 18:38:29 | 00,240,247 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Project v8.xlsm
[2009-10-25 16:37:17 | 00,229,338 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Project v6.xlsm
[2009-10-25 15:30:15 | 00,203,065 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Seo Heng.xlsm
[2009-10-25 02:04:39 | 00,000,414 | ---- | C] () -- D:\WINDOWS\System32\lame_acm.xml
[2009-10-23 18:21:52 | 00,220,297 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Copy of combined.xlsm
[2009-10-23 12:07:28 | 00,194,126 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\My file.xlsm
[2009-10-20 23:10:39 | 00,010,544 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\Good afternoon ladies and gentlemen.docx
[2009-10-19 22:48:31 | 00,032,751 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Desktop\Book1.xlsm
[2009-10-19 21:17:06 | 00,011,311 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\Book1.xlsx
[2009-10-19 18:06:52 | 00,000,025 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2009-10-15 20:16:47 | 00,009,829 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\My Documents\lala.xlsx
[2009-10-03 14:42:12 | 00,000,096 | ---- | C] () -- D:\WINDOWS\WirelessFTP.INI
[2009-09-27 13:02:05 | 00,180,224 | ---- | C] () -- D:\WINDOWS\System32\QTCF.dll
[2009-09-03 11:21:41 | 00,043,212 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\ModelerExeDebug.txt
[2009-08-17 18:21:21 | 00,004,767 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2009-07-25 02:48:11 | 00,073,728 | ---- | C] () -- D:\WINDOWS\System32\scard.dll
[2009-06-21 01:22:45 | 00,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-05-12 22:37:26 | 00,168,448 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2009-05-12 22:37:20 | 00,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-05-12 22:37:20 | 00,130,048 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009-05-12 22:37:19 | 03,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2009-05-12 22:37:15 | 00,084,480 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009-05-12 22:37:15 | 00,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-04-21 14:59:46 | 00,000,600 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Application Data\winscp.rnd
[2009-03-25 02:05:49 | 00,598,016 | ---- | C] () -- D:\WINDOWS\System32\ImageProcess.dll
[2009-03-25 02:05:06 | 00,131,072 | ---- | C] () -- D:\WINDOWS\System32\TransSaveStatus.dll
[2009-03-18 02:03:24 | 00,087,552 | ---- | C] () -- D:\WINDOWS\System32\cpwmon2k.dll
[2009-03-11 04:51:14 | 00,000,081 | ---- | C] () -- D:\WINDOWS\WB.ini
[2009-03-05 19:13:07 | 00,717,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009-03-03 15:40:41 | 00,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009-03-03 12:18:04 | 00,073,728 | ---- | C] () -- D:\WINDOWS\System32\RtNicProp32.dll
[2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL
[2009-02-19 22:39:49 | 02,463,976 | ---- | C] () -- D:\WINDOWS\System32\NPSWF32.dll
[2009-02-12 14:31:28 | 00,000,229 | ---- | C] () -- D:\WINDOWS\hpbafd.ini
[2009-02-10 17:50:16 | 00,043,520 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-10 12:20:25 | 00,078,392 | ---- | C] () -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-02-10 10:57:44 | 00,000,271 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009-01-05 15:44:10 | 00,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini
[2008-10-20 16:20:26 | 03,726,706 | -H-- | C] () -- D:\Documents and Settings\junlong.tan.2008\Local Settings\Application Data\IconCache.db
[2008-10-20 16:19:21 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\junlong.tan.2008\Application Data\desktop.ini
[2008-08-20 23:13:42 | 00,000,000 | ---- | C] () -- D:\WINDOWS\tosOBEX.INI
[2008-08-12 14:51:20 | 00,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2008-08-08 05:09:38 | 00,005,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\ATKACPI.sys
[2008-08-08 04:35:19 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2008-08-08 04:17:55 | 01,769,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\snp2uvc.sys
[2008-08-08 04:17:55 | 00,028,160 | ---- | C] () -- D:\WINDOWS\System32\drivers\sncduvc.sys
[2008-08-08 04:07:23 | 00,016,480 | ---- | C] () -- D:\WINDOWS\System32\rixdicon.dll
[2008-08-08 03:16:36 | 01,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008-08-08 03:16:36 | 01,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008-08-08 03:16:36 | 00,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2008-08-08 03:16:35 | 01,499,136 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008-08-08 03:09:22 | 00,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2007-09-27 10:51:02 | 00,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 10:48:48 | 00,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 10:48:28 | 00,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2006-12-05 13:05:04 | 00,114,688 | ---- | C] () -- D:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 21:30:18 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\TosCommAPI.dll
[2004-08-04 20:00:00 | 00,000,669 | ---- | C] () -- D:\WINDOWS\win.ini
[2004-08-04 20:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini

========== LOP Check ==========

[2009-10-26 18:52:36 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\All Users\Application Data
[2009-03-17 23:02:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009-02-10 11:15:13 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009-09-15 22:44:31 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-04-08 02:27:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-03-12 02:01:00 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ALM
[2009-08-17 20:38:33 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\createpart
[2009-04-01 18:37:03 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\CyberLink
[2009-03-06 16:54:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-08-17 20:39:07 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\deletepart
[2009-08-17 18:59:32 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\explauncher
[2009-03-11 22:01:49 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FLEXnet
[2009-09-03 10:58:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IBM
[2008-08-08 05:30:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Infineon
[2009-08-17 18:59:31 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\launcher
[2009-08-17 20:37:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\mergeparts
[2009-04-26 17:18:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009-02-10 19:16:45 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MySQL
[2009-08-26 03:06:21 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCap Games
[2009-08-17 18:59:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\redistpart
[2009-03-18 16:28:35 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009-10-26 18:52:36 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data
[2009-06-01 17:54:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\BSplayer PRO
[2009-03-06 17:01:45 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\DAEMON Tools Lite
[2009-02-09 11:04:15 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Download Manager
[2009-10-27 00:59:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Dropbox
[2009-03-02 22:03:53 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Megaupload
[2009-03-16 20:56:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Mp3tag
[2009-10-24 22:02:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\MySQL
[2009-02-12 10:13:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Notepad++
[2009-08-24 23:33:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Subversion
[2009-10-19 03:00:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Thinstall
[2009-09-25 18:02:27 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\TortoiseSVN
[2009-09-11 11:48:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\U3
[2009-06-21 01:24:45 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Ventrilo
[2009-02-10 12:25:32 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Windows Desktop Search
[2009-02-10 17:51:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\junlong.tan.2008\Application Data\Windows Search
[2009-10-20 22:37:03 | 00,000,284 | ---- | M] () -- D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004-08-04 20:00:00 | 00,000,065 | RH-- | M] () -- D:\WINDOWS\Tasks\desktop.ini
[2009-10-27 00:46:38 | 00,000,868 | ---- | M] () -- D:\WINDOWS\Tasks\Google Software Updater.job
[2009-10-27 01:41:00 | 00,000,902 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009-10-27 01:41:00 | 00,000,906 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009-10-26 11:11:02 | 00,000,970 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-35043Core.job
[2009-10-27 02:11:00 | 00,001,022 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-35043UA.job
[2009-10-27 00:46:14 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\Tasks\SA.DAT
[2009-10-25 12:00:02 | 00,000,314 | ---- | M] () -- D:\WINDOWS\Tasks\Security Platform Backup Schedule.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008-04-14 10:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ERDNT\cache\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008-04-14 10:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008-04-14 10:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008-04-14 10:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ERDNT\cache\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008-04-14 10:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008-04-14 10:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008-04-14 10:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ERDNT\cache\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008-04-14 10:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008-04-14 10:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[iastor.sys : MD5=309C4D86D989FB1FCF64BD30DC81C51B] -> [2008-05-06 07:13:54 | 00,874,240 | ---- | M] (Intel Corporation) -- D:\WINDOWS\NLDRV\001\iastor.sys
[iastor.sys : MD5=E5A0034847537EAEE3C00349D5C34C5F] -> [2008-05-06 07:14:24 | 00,308,248 | ---- | M] (Intel Corporation) -- D:\WINDOWS\NLDRV\002\iastor.sys
[iaStor.sys : MD5=E5A0034847537EAEE3C00349D5C34C5F] -> [2007-09-29 23:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- D:\WINDOWS\System32\drivers\iaStor.sys
[iaStor.sys : MD5=E5A0034847537EAEE3C00349D5C34C5F] -> [2008-05-06 07:14:24 | 00,308,248 | ---- | M] (Intel Corporation) -- D:\WINDOWS\System32\ReinstallBackups\0001\DriverFiles\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008-04-14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< End of report >

#3
reyer

OTL Extras logfile created on: 2009-10-27 2:23:30 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = D:\Documents and Settings\junlong.tan.2008\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 98.05% Memory free
4.00 Gb Paging File | 3.91 Gb Available in Paging File | 97.75% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 40.00 Gb Total Space | 26.34 Gb Free Space | 65.84% Space Free | Partition Type: NTFS
Drive D: | 70.01 Gb Total Space | 6.26 Gb Free Space | 8.94% Space Free | Partition Type: NTFS
Drive E: | 122.87 Gb Total Space | 11.82 Gb Free Space | 9.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.68 Gb Total Space | 0.58 Gb Free Space | 15.74% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUNLONGTAN2008
Current User Name: junlong.tan.2008
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- D:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\FlashGet\flashget.exe" = D:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\Program Files\Messenger\msmsgs.exe" = D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe" = D:\Program Files\Verudium\Verudium USB Network Server\NPW\NPWService.exe:*:Enabled:NPWService -- ()
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0BEED401-F0D4-411B-8670-3586C55849EA}" = Verudium USB Network Server
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2EE98E-17AE-4798-8F8C-64E49CA86D20}" = MySQL Server 5.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B802EBE-CDAD-477C-9AD4-069615D377EB}" = Remote Controller
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java™ SE Development Kit 6 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A41AF7-7777-4471-94E1-03798403444C}" = TortoiseSVN 1.6.4.16808 (32 bit)
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4C30D38-3B45-4C14-B27E-E1DD33E0D592}" = InFlux Workbench
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9274A75-0905-487E-BD78-C1D7A2106882}" = Symantec Real Time Storage Protection Component
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D104C1CF-7C12-4D32-9850-DDC99060DE5B}" = Infineon TPM Professional Package
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
"593387a670d85e1b053e8c47178d655a" = IBM WebSphere Business Modeler Advanced Version 6.0.2
"693984b85d24c7bd162ed559cec96227" = IBM WebSphere Business Modeler Advanced Version 6.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"B85443866E9FD9203DE836DBCC8A4F6220A821C3" = Windows Driver Package - Intel (NETw5x32) net (07/08/2008 12.0.0.82)
"BE57D1272D9C5C030B25E27577AF5A6F67C26354" = Windows Driver Package - ITE Tech.Inc. (ITECIR) System (10/20/2006 3.05.4000.0)
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Counter-Strike: Source_is1" = Counter-Strike Source
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Garena" = Garena
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0BEED401-F0D4-411B-8670-3586C55849EA}" = Verudium USB Network Server
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0
"L4DSP" = Left 4 Dead Standalone Patch
"Left 4 Dead" = Left 4 Dead
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mp3tag" = Mp3tag v2.42
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"nbi-tomcat-6.0.18.0.0" = Apache Tomcat 6.0.18
"Nero8Lite_is1" = Nero 8 Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock Plus" = ObjectDock Plus
"Picasa 3" = Picasa 3
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"PRJPRO" = Microsoft Office Project Professional 2007
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VISPRO" = Microsoft Office Visio Professional 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"wePresent_is1" = wePresent
"WindowBlinds" = WindowBlinds
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fd54a244cdbea815" = SMUVista Exam Browser
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-10-26 9:15:02 AM | Computer Name = JUNLONGTAN2008 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-10-26 9:18:58 AM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 11:06:25 AM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 11:06:25 AM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 12:28:39 PM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 12:28:39 PM | Computer Name = JUNLONGTAN2008 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-10-26 12:29:03 PM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 12:46:31 PM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-10-26 12:46:32 PM | Computer Name = JUNLONGTAN2008 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-10-26 12:46:47 PM | Computer Name = JUNLONGTAN2008 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 2009-08-18 6:15:28 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:15:29 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:15:38 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:15:40 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:15:51 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:15:55 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:16:01 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-18 6:16:19 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-08-19 7:49:12 PM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 439
seconds with 240 seconds of active time. This session ended with a crash.

Error - 2009-09-08 7:31:31 AM | Computer Name = JUNLONGTAN2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2009-10-26 12:35:57 PM | Computer Name = JUNLONGTAN2008 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-10-26 12:36:02 PM | Computer Name = JUNLONGTAN2008 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-10-26 12:36:03 PM | Computer Name = JUNLONGTAN2008 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-10-26 12:46:31 PM | Computer Name = JUNLONGTAN2008 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SMUSTU due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 2009-10-26 12:46:32 PM | Computer Name = JUNLONGTAN2008 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2009-10-26 12:46:32 PM | Computer Name = JUNLONGTAN2008 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2009-10-26 12:47:37 PM | Computer Name = JUNLONGTAN2008 | Source = Service Control Manager | ID = 7000
Description = The NTPort Library Driver service failed to start due to the following
error: %%2

Error - 2009-10-26 12:47:37 PM | Computer Name = JUNLONGTAN2008 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2009-10-26 1:01:35 PM | Computer Name = JUNLONGTAN2008 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2009-10-26 1:31:37 PM | Computer Name = JUNLONGTAN2008 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

#4
reyer

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/27 02:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA8B8000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA661000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xBACC4000 Size: 11648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: D:\WINDOWS\System32\drivers\afd.sys
Address: 0xAC5C7000 Size: 138496 File Visible: - Signed: -
Status: -

Name: amyfqkg0.SYS
Image Path: D:\WINDOWS\System32\Drivers\amyfqkg0.SYS
Address: 0xB8445000 Size: 221184 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: D:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xAF619000 Size: 60800 File Visible: - Signed: -
Status: -

Name: ASMMAP.sys
Image Path: D:\Program Files\ATKGFNEX\ASMMAP.sys
Address: 0xAB4E2000 Size: 28672 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA5F3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ATKACPI.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ATKACPI.sys
Address: 0xBADF2000 Size: 5760 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: D:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ATSwpDrv.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
Address: 0xAB25A000 Size: 139904 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: D:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBAEF4000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xBACC0000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: D:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBAE66000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: D:\WINDOWS\system32\BOOTVID.dll
Address: 0xBACB8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: D:\DOCUME~1\JUNLON~1.200\LOCALS~1\Temp\catchme.sys
Address: 0xA69A8000 Size: 30592 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA3E36000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: D:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB95BE000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA908000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xBA05F000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xBACBC000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8F8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xBA60B000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBADAC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: D:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBAA08000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA5D5B000 Size: 819200 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: D:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA70FB000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: D:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: D:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAFFC000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xAC42E000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xAC31B000 Size: 118784 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: D:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA5E23000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: D:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xAE05D000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xBA50B000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: D:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBAE64000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA631000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xBABB0000 Size: 21120 File Visible: - Signed: -
Status: -

Name: GenBus.sys
Image Path: D:\WINDOWS\system32\DRIVERS\GenBus.sys
Address: 0xBAC28000 Size: 27136 File Visible: - Signed: -
Status: -

Name: generic.sys
Image Path: D:\WINDOWS\system32\DRIVERS\generic.sys
Address: 0xBABA8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: D:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB88E7000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xADFDD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xAD619000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: D:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xADE93000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: D:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA3D85000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB95EE000 Size: 52480 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xBA52B000 Size: 819200 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: IFXTPM.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
Address: 0xB95DE000 Size: 36608 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: D:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB95CE000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: D:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB960E000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAC7E1000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAC88E000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8C8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: ITECIR.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ITECIR.sys
Address: 0xBABA0000 Size: 32768 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: D:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBAB90000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbfiltr.sys
Image Path: D:\WINDOWS\system32\DRIVERS\kbfiltr.sys
Address: 0xBADEA000 Size: 5632 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: D:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB847B000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA4E2000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: D:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBAE68000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: D:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBACA8000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: D:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xB6235000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBAB98000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xAD67F000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8D8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA4952000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAC52C000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xAF83A000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: D:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8F88000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA03F000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA40E000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA428000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA05B000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xBAD8C000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB842E000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: D:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB8F48000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: D:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xAF609000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAC5E9000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw5x32.sys
Image Path: D:\WINDOWS\system32\DRIVERS\NETw5x32.sys
Address: 0xB8570000 Size: 3630080 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: D:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xBA958000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xAF832000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA455000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: D:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: D:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAEF3000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: D:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D5000 Size: 6049792 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB8947000 Size: 6097536 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA8A8000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xBAE71000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA650000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP4380
Image Path: \Driver\PCI_PNP4380
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBAB28000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: D:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB6553000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: D:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB841D000 Size: 69120 File Visible: - Signed: -
Status: -

Name: psd.sys
Image Path: D:\WINDOWS\System32\drivers\psd.sys
Address: 0xAF852000 Size: 32128 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBAC18000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA918000 Size: 36320 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xAF998000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB958E000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8FA8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8F98000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBAC20000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAC59C000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: D:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBAE6A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB83ED000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: D:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB95AE000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Address: 0xB95FE000 Size: 61440 File Visible: - Signed: -
Status: -

Name: rimsptsk.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rimsptsk.sys
Address: 0xB8525000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rixdptsk.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rixdptsk.sys
Address: 0xB84D4000 Size: 331776 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAA48000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Rtenicxp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Address: 0xB854D000 Size: 141568 File Visible: - Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: D:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB6577000 Size: 5263360 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: D:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xBA68F000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: D:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xB8539000 Size: 79232 File Visible: - Signed: -
Status: -

Name: sffdisk.sys
Image Path: D:\WINDOWS\system32\DRIVERS\sffdisk.sys
Address: 0xB31B5000 Size: 11904 File Visible: - Signed: -
Status: -

Name: sffp_sd.sys
Image Path: D:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Address: 0xB31B9000 Size: 11008 File Visible: - Signed: -
Status: -

Name: smserial.sys
Image Path: D:\WINDOWS\system32\DRIVERS\smserial.sys
Address: 0xB63C3000 Size: 980608 File Visible: - Signed: -
Status: -

Name: sncduvc.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\sncduvc.SYS
Address: 0xAD5D9000 Size: 28672 File Visible: - Signed: -
Status: -

Name: snp2uvc.sys
Image Path: D:\WINDOWS\system32\DRIVERS\snp2uvc.sys
Address: 0xAAFC5000 Size: 1769984 File Visible: - Signed: -
Status: -

Name: spns.sys
Image Path: spns.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA4F9000 Size: 73472 File Visible: - Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: D:\WINDOWS\System32\Drivers\SRTSPX.SYS
Address: 0xAF5F9000 Size: 36992 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: D:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA4838000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xAD7E1000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: D:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBADF4000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMDNS.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMDNS.SYS
Address: 0xA6A5E000 Size: 6016 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: D:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xAC7BC000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SYMFW.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMFW.SYS
Address: 0xA4A39000 Size: 139008 File Visible: - Signed: -
Status: -

Name: SYMIDS.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMIDS.SYS
Address: 0xBA978000 Size: 33152 File Visible: - Signed: -
Status: -

Name: SymIDSCo.sys
Image Path: D:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20091006.001\SymIDSCo.sys
Address: 0xA49F7000 Size: 270336 File Visible: - Signed: -
Status: -

Name: symlcbrd.sys
Image Path: symlcbrd.sys
Address: 0xBAB38000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SYMNDIS.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Address: 0xAF262000 Size: 28288 File Visible: - Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xAF26A000 Size: 20608 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: D:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xAC807000 Size: 184576 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: D:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xB849E000 Size: 219136 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: D:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA4610000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: D:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAC835000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBAC10000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: D:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8F78000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tosporte.sys
Image Path: D:\WINDOWS\system32\DRIVERS\tosporte.sys
Address: 0xB8F58000 Size: 41600 File Visible: - Signed: -
Status: -

Name: tosrfcom.sys
Image Path: D:\WINDOWS\System32\Drivers\tosrfcom.sys
Address: 0xB959E000 Size: 64000 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: D:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB838F000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xAF25A000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBADEC000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBAB88000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBAAF8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB890F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBAB80000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: D:\WINDOWS\System32\drivers\vga.sys
Address: 0xAF842000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8933000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8E8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xAF629000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: D:\WINDOWS\System32\watchdog.sys
Address: 0xA69A0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: D:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA4463000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: D:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: D:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

#5
reyer

Malwarebytes' Anti-Malware 1.41
Database version: 3036
Windows 5.1.2600 Service Pack 3

2009-10-27 2:34:24 AM
mbam-log-2009-10-27 (02-34-24).txt

Scan type: Quick Scan
Objects scanned: 120746
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)