
Number.exe keep spawning



#1
h1._.n1a

My PC keeps spawning (number).exe and nice.exe processes, which I know are malware. I stop the processes, but when I restart my PC they come back. I tried to post this topic a couple of hours ago, but for some reason I could not open geekstogo.com. It says it cannot connect to the remote server. I even tried other browsers but still can't. Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:55 PM, on 6/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Razer\DeathAdderBlackEdition\razerhid.exe
C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Razer\DeathAdderBlackEdition\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdderBlackEdition\razerofa.exe
C:\Program Files\Razer\DeathAdderBlackEdition\vdDaemon.exe
C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
C:\Documents and Settings\Zulkifli\Application Data\951581123.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [DeathAdderBlackEdition] C:\Program Files\Razer\DeathAdderBlackEdition\razerhid.exe
O4 - HKLM\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...2"&"ver=9.0.872
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{23EE5872-0EBC-4A21-844C-A29646C0B772}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{23EE5872-0EBC-4A21-844C-A29646C0B772}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {67a8d718-268e-4a14-b356-ba36d64b1422} - (no file)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 13815 bytes


#2
RKinner

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall all Java versions: (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Boot into Safe Mode (reboot and when you hear the beep, see the PC Maker's logo or it mentions F8, start tapping the F8 key slowly. Keep tapping until you see the Safe Mode menu. Choose the top option. Log in as usual). Run HJT, scan only, and check the box in front of these:

F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKCU\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe

Then Fix Checked. Wait a minute and run a new scan. Do any of them come back? Which ones? Boot back into regular mode and try to download and run OTL:
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
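
Added example, not part of the thread and not HijackThis or OTL code: a Python triage pass over the F2 and O4 lines of the log in post #1, showing which autostart properties single out the six entries listed above. The three heuristics, the function names and the `C:\WINDOWS` system root (taken from the OTL header) are assumptions made for this illustration; a hit is a reason to inspect an entry, not a verdict.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the page).
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\server.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
'''

# Names of core Windows processes that normally live under the Windows directory.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                "services.exe", "smss.exe", "explorer.exe"}
# Profile folders any user-level process can write to (XP layout, as in the log).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")
WINDOWS_DIR = "c:\\windows"  # assumption: %SystemRoot% as reported in the OTL log

O4_REG = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<key>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.I)


def exe_path(cmd):
    """Return the program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)  # unquoted path with spaces
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def path_reasons(path):
    """Heuristic reasons why an executable path deserves a closer look."""
    low = path.lower()
    directory = ntpath.dirname(low)
    in_windows = directory == WINDOWS_DIR or directory.startswith(WINDOWS_DIR + "\\")
    reasons = []
    # Bare names such as RUNDLL32.EXE have no directory and are skipped here.
    if directory and ntpath.basename(low) in SYSTEM_NAMES and not in_windows:
        reasons.append("system process name outside the Windows directory")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile folder")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for F2/O4 entries that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        shell = F2_SHELL.match(line)
        entry = O4_REG.match(line) or O4_STARTUP.match(line)
        if shell:
            # The stock Shell value is Explorer.exe alone; anything after it
            # is started at every logon.
            extra = re.sub(r"^explorer\.exe", "", shell.group("value").strip(),
                           flags=re.I).strip()
            if extra:
                reasons.append("Shell value launches more than Explorer.exe")
                reasons += path_reasons(exe_path(extra))
        elif entry:
            # Assumption: ordinary software rarely registers itself here.
            if "policies\\explorer\\run" in entry.group("key").lower():
                reasons.append("autostart via Policies\\Explorer\\Run")
            reasons += path_reasons(exe_path(entry.group("cmd")))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```
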

#3
h1._.n1a

This is the extra.txt log:
OTL Extras logfile created on: 6/22/2011 2:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Zulkifli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 78.23% Memory free
5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 117.71 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 270.44 Gb Total Space | 270.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: CMZUL-PC | User Name: Zulkifli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"56623:TCP" = 56623:TCP:*:Enabled:Pando Media Booster
"56623:UDP" = 56623:UDP:*:Enabled:Pando Media Booster
"57904:TCP" = 57904:TCP:*:Enabled:Pando Media Booster
"57904:UDP" = 57904:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
"6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher
"6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Valve\Condition Zero\hl.exe" = C:\Valve\Condition Zero\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Disabled:HSUpdate
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Disabled:Patcher MFC ?? ????
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Valve\Condition Zero\hlds.exe" = C:\Valve\Condition Zero\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\HLDS\hlds.exe" = C:\HLDS\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Program Files\Left 4 Dead 2\left4dead2.exe" = C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2
"C:\Program Files\Garena beta 4.0\Garena.exe" = C:\Program Files\Garena beta 4.0\Garena.exe:*:Enabled:Garena
"C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\launcher-broken.EXE" = C:\gPotato.com\Allods Online\bin\launcher-broken.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher.exe.exe" = C:\gPotato.com\Allods Online\bin\Launcher.exe.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\Launcher00.exe" = C:\gPotato.com\Allods Online\bin\Launcher00.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher000.exe" = C:\gPotato.com\Allods Online\bin\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe" = C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe:*:Disabled:EST! download engine
"L:\Allods Online\bin\Launcher0.exe" = L:\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"L:\Allods Online\bin\Launcher.exe" = L:\Allods Online\bin\Launcher.exe:*:Enabled:Allods Launcher
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:Gunz
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"L:\Allods Online\BIN\Launcher000.exe" = L:\Allods Online\BIN\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe" = C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe:*:Enabled:wtvClient
"C:\frozen throne 1.24b\Wtv\wtvClient.exe" = C:\frozen throne 1.24b\Wtv\wtvClient.exe:*:Enabled:wtvClient -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe" = C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe" = C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Garena Messenger\Room\garena_room.exe" = C:\Program Files\Garena Messenger\Room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe" = C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe:*:Enabled:SpecialForce
"C:\Program Files\Garena Messenger\Apps\HoN\hon.exe" = C:\Program Files\Garena Messenger\Apps\HoN\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe" = C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe:*:Enabled:CityScape
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe:*:Enabled:Windows Messanger
"C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe" = C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe:*:Enabled:Windows Messanger -- (qKFtZijhm)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015536C0-151E-A1DF-1E2A-150A0341DE54}" = Antivirus 2010
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06B4C5C0-05C4-49C9-9D1F-24822D86EBF5}" = SpecialForce
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}" = YouTube Downloader Toolbar v4.4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DDF83FDD-89DB-47A4-A541-DD88C52F625A}" = Razer DeathAdder Black Edition Mouse
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AMX Mod X Installer" = AMX Mod X Installer 1.8.1
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Ares" = Ares 2.1.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Condition Zero" = Condition Zero
"Defraggler" = Defraggler
"Fraps" = Fraps
"Garena" = Garena 2010
"Garena Messenger" = Garena - League of Legends
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HoN" = Garena - Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"im" = Garena Messenger
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"LimeWire" = LimeWire 5.5.16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.10.2092" = Opera 11.10
"QUICKfind" = QUICKfind server v1.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.1
"RealAlt_is1" = Real Alternative 2.0.1
"RocketDock_is1" = RocketDock 1.3.5
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"uTorrent" = µTorrent
"Warkeys" = Warkeys 1.15.3.0b
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"LotRO MIDI Player" = LotRO MIDI Player
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 4:26:19 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 9:13:06 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:39 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:50:54 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:51:17 PM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x24017c1e.

Error - 6/21/2011 1:49:23 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:20:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:35:59 AM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application test.exe, version 0.0.0.0, faulting module test.exe,
version 0.0.0.0, fault address 0x000028c3.

Error - 6/21/2011 8:07:15 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 6/21/2011 4:19:51 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 8:06:53 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 6:56:46 PM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 9:31:37 PM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:12 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 2:00:22 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >

This is the Otl.txt
OTL Extras logfile created on: 6/22/2011 2:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Zulkifli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 78.23% Memory free
5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 117.71 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 270.44 Gb Total Space | 270.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: CMZUL-PC | User Name: Zulkifli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"56623:TCP" = 56623:TCP:*:Enabled:Pando Media Booster
"56623:UDP" = 56623:UDP:*:Enabled:Pando Media Booster
"57904:TCP" = 57904:TCP:*:Enabled:Pando Media Booster
"57904:UDP" = 57904:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
"6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher
"6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Valve\Condition Zero\hl.exe" = C:\Valve\Condition Zero\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Disabled:HSUpdate
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Disabled:Patcher MFC ?? ????
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Valve\Condition Zero\hlds.exe" = C:\Valve\Condition Zero\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\HLDS\hlds.exe" = C:\HLDS\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Program Files\Left 4 Dead 2\left4dead2.exe" = C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2
"C:\Program Files\Garena beta 4.0\Garena.exe" = C:\Program Files\Garena beta 4.0\Garena.exe:*:Enabled:Garena
"C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\launcher-broken.EXE" = C:\gPotato.com\Allods Online\bin\launcher-broken.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher.exe.exe" = C:\gPotato.com\Allods Online\bin\Launcher.exe.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\Launcher00.exe" = C:\gPotato.com\Allods Online\bin\Launcher00.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher000.exe" = C:\gPotato.com\Allods Online\bin\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe" = C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe:*:Disabled:EST! download engine
"L:\Allods Online\bin\Launcher0.exe" = L:\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"L:\Allods Online\bin\Launcher.exe" = L:\Allods Online\bin\Launcher.exe:*:Enabled:Allods Launcher
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:Gunz
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"L:\Allods Online\BIN\Launcher000.exe" = L:\Allods Online\BIN\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe" = C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe:*:Enabled:wtvClient
"C:\frozen throne 1.24b\Wtv\wtvClient.exe" = C:\frozen throne 1.24b\Wtv\wtvClient.exe:*:Enabled:wtvClient -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe" = C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe" = C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Garena Messenger\Room\garena_room.exe" = C:\Program Files\Garena Messenger\Room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe" = C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe:*:Enabled:SpecialForce
"C:\Program Files\Garena Messenger\Apps\HoN\hon.exe" = C:\Program Files\Garena Messenger\Apps\HoN\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe" = C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe:*:Enabled:CityScape
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe:*:Enabled:Windows Messanger
"C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe" = C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe:*:Enabled:Windows Messanger -- (qKFtZijhm)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015536C0-151E-A1DF-1E2A-150A0341DE54}" = Antivirus 2010
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06B4C5C0-05C4-49C9-9D1F-24822D86EBF5}" = SpecialForce
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}" = YouTube Downloader Toolbar v4.4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DDF83FDD-89DB-47A4-A541-DD88C52F625A}" = Razer DeathAdder Black Edition Mouse
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AMX Mod X Installer" = AMX Mod X Installer 1.8.1
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Ares" = Ares 2.1.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Condition Zero" = Condition Zero
"Defraggler" = Defraggler
"Fraps" = Fraps
"Garena" = Garena 2010
"Garena Messenger" = Garena - League of Legends
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HoN" = Garena - Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"im" = Garena Messenger
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"LimeWire" = LimeWire 5.5.16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.10.2092" = Opera 11.10
"QUICKfind" = QUICKfind server v1.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.1
"RealAlt_is1" = Real Alternative 2.0.1
"RocketDock_is1" = RocketDock 1.3.5
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"uTorrent" = µTorrent
"Warkeys" = Warkeys 1.15.3.0b
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"LotRO MIDI Player" = LotRO MIDI Player
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 4:26:19 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 9:13:06 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:39 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:50:54 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:51:17 PM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x24017c1e.

Error - 6/21/2011 1:49:23 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:20:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:35:59 AM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application test.exe, version 0.0.0.0, faulting module test.exe,
version 0.0.0.0, fault address 0x000028c3.

Error - 6/21/2011 8:07:15 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 6/21/2011 4:19:51 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 8:06:53 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 6:56:46 PM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/21/2011 9:31:37 PM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:12 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 2:00:22 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >

#4
h1._.n1a

    Member

  • Topic Starter
  • Member
  • 11 posts
Oh, and this came back:
O4 - HKLM\..\Policies\Explorer\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
O4 - HKCU\..\Run: [MSWUpdate] "C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe"

#5
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
I need the OTL log. Looks like you gave me the Extras log twice.

Ron

#6
h1._.n1a

    Member

  • Topic Starter
  • Member
  • 11 posts
Oh, sorry. Here is the OTL log:

OTL logfile created on: 6/22/2011 2:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Zulkifli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 78.23% Memory free
5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 117.71 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 270.44 Gb Total Space | 270.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: CMZUL-PC | User Name: Zulkifli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 14:12:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zulkifli\My Documents\Downloads\OTL.exe
PRC - [2011/06/20 08:15:23 | 000,579,080 | ---- | M] (qKFtZijhm) -- C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
PRC - [2011/06/14 07:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/30 20:40:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/06 18:15:20 | 000,532,320 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/20 19:18:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 17:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 14:12:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zulkifli\My Documents\Downloads\OTL.exe
MOD - [2011/02/22 13:57:42 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (userinit)
SRV - File not found [Auto | Stopped] -- -- (GarenaCIG)
SRV - File not found [Disabled | Stopped] -- -- (cFosSpeedS)
SRV - [2011/05/30 20:40:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/20 19:18:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/03/03 06:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/04 23:35:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 19:18:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/01 14:34:46 | 000,009,856 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DABlack.sys -- (DABlackFltr)
DRV - [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/01 00:16:40 | 000,010,240 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VKbms.sys -- (VKbms)
DRV - [2010/09/25 12:55:46 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/06/08 17:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/22 16:30:22 | 000,222,672 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/03/17 12:26:18 | 000,974,040 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2010/02/24 15:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2007/12/12 14:35:46 | 000,212,992 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/09/20 18:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 18:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.7
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [email protected]ybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..keyword.URL: "http://malaysia.sear...type=937811&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 07:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 08:15:49 | 000,000,000 | ---D | M]

[2009/11/21 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Extensions
[2009/11/21 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Extensions\[email protected]
[2011/06/20 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/23 19:23:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 12:19:34 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009/11/08 04:54:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/06/08 11:28:50 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\searchplugins\conduit.xml
[2011/06/20 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/27 21:13:50 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2010/12/02 20:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/22 07:44:58 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/05/24 16:01:43 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/05/24 16:01:43 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/07/18 11:58:31 | 000,001,604 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeathAdder] File not found
O4 - HKLM..\Run: [DeathAdderBlackEdition] File not found
O4 - HKLM..\Run: [INPProtect] File not found
O4 - HKLM..\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe (qKFtZijhm)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SycReg] File not found
O4 - HKLM..\Run: [syshost.exe] File not found
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [INPProtect] File not found
O4 - HKCU..\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe (qKFtZijhm)
O4 - HKCU..\Run: [MSWUpdate] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [svchost] File not found
O4 - HKCU..\Run: [SycReg] File not found
O4 - HKCU..\Run: [syshost.exe] File not found
O4 - HKCU..\Run: [syshostmon.exe] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Zulkifli\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Java = C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe (qKFtZijhm)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 22:18:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/30 20:29:59 | 000,000,000 | ---D | M] - D:\Auto-Joiner -- [ NTFS ]
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\AutoRun\command - "" = F:\SysAnti.exe
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\Explore\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\Open\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\Shell\AutoRun\command - "" = tmp\winfix.exe
O33 - MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\Shell\OpEn\cOMmAnD - "" = tmp\winfix.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\AutoRun\command - "" = SysAnti.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\Explore\Command - "" = SysAnti.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\Open\Command - "" = SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\AutoRun\command - "" = F:\SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\Explore\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\Open\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\AutoRun\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\explore\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\open\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 11:54:20 | 001,220,608 | RHS- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\yncvbc.exe
[2011/06/22 11:02:49 | 001,220,608 | RHS- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\vegfnw.exe
[2011/06/22 11:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Kerouac
[2011/06/22 11:00:06 | 001,220,608 | ---- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\xsfoye.exe
[2011/06/21 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2011/06/21 21:44:29 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/06/21 21:44:29 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/06/21 21:44:29 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/06/21 21:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/06/21 21:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/21 09:26:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zulkifli\Recent
[2011/06/20 16:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Start Menu\Programs\HiJackThis
[2011/06/20 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/06/20 15:10:36 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/06/20 08:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Java
[2011/06/19 10:41:09 | 000,414,223 | -H-- | C] (ICQ, LLC.) -- C:\Documents and Settings\Zulkifli\Application Data\iWin.exe
[2011/06/19 09:47:00 | 000,000,000 | ---D | C] -- C:\dir
[2011/06/19 00:37:25 | 000,159,744 | ---- | C] (67885498765567) -- C:\Documents and Settings\Zulkifli\Application Data\luydms.exe
[2011/06/17 09:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\SkypeFx
[2011/06/17 09:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\IsolatedStorage
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Zulkifli\Desktop\TDSSKiller.exe
[2011/06/13 21:59:11 | 000,009,856 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\DABlack.sys
[2011/06/13 21:59:04 | 000,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdderBlackEdition.cpl
[2011/06/13 21:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Razer
[2011/06/13 21:44:44 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/06/13 21:44:27 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2011/06/13 21:44:27 | 000,010,240 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\VKbms.sys
[2011/06/13 21:44:27 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\hidkmdf.sys
[2011/06/13 21:44:26 | 000,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdder.cpl
[2011/06/13 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2011/06/13 21:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Razer
[2011/06/13 21:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\InstallShield
[2011/06/07 19:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\ooVoo Details
[2011/05/31 08:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Desktop\Auto-Joiner
[2011/05/30 20:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Desktop\My Shared Folder
[2011/05/30 15:02:28 | 000,000,000 | ---D | C] -- C:\WinASO
[2011/05/29 14:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\go
[2011/05/29 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/05/24 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Search Settings
[2011/05/24 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/24 16:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 14:09:58 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\HiJackThis.lnk
[2011/06/22 14:06:45 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/22 14:06:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 14:06:40 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 14:01:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 14:00:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 13:56:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1005UA.job
[2011/06/22 13:36:45 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003UA.job
[2011/06/22 11:56:33 | 001,220,608 | RHS- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\yncvbc.exe
[2011/06/22 11:05:11 | 001,220,608 | RHS- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\vegfnw.exe
[2011/06/22 11:02:09 | 001,220,608 | ---- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\xsfoye.exe
[2011/06/22 11:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/06/22 10:56:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1005Core.job
[2011/06/21 21:35:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003Core.job
[2011/06/21 19:05:05 | 000,045,202 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\room_v3.dat
[2011/06/21 19:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule_219.job
[2011/06/21 19:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/06/21 18:39:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/21 17:22:11 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
[2011/06/20 21:41:23 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 21:41:22 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\Google Chrome.lnk
[2011/06/20 21:04:33 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Zulkifli\Desktop\TDSSKiller.exe
[2011/06/20 20:35:53 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\mybot.exe
[2011/06/20 17:21:24 | 000,414,223 | -H-- | M] (ICQ, LLC.) -- C:\Documents and Settings\Zulkifli\Application Data\iWin.exe
[2011/06/20 16:47:12 | 000,023,040 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\serve1.exe
[2011/06/20 11:04:58 | 000,313,344 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\chrtmp
[2011/06/19 09:52:26 | 000,143,360 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\dfsda.exe
[2011/06/19 08:42:37 | 000,454,656 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\istealer.exe
[2011/06/19 00:37:36 | 000,159,744 | ---- | M] (67885498765567) -- C:\Documents and Settings\Zulkifli\Application Data\luydms.exe
[2011/06/16 11:47:14 | 000,443,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 11:47:14 | 000,071,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 10:01:32 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\HsTZSDw4avx.gif
[2011/06/15 19:04:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 19:01:17 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Zulkifli.job
[2011/06/13 21:51:25 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 21:44:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2011/06/13 21:44:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/10 01:16:44 | 000,075,360 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\199282_194504783914029_100000635271310_546977_6863575_n.jpg
[2011/06/05 22:25:12 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\Garena.lnk
[2011/05/31 06:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/25 03:06:50 | 000,046,658 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\room.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 16:47:11 | 000,023,040 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\serve1.exe
[2011/06/20 16:12:53 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\HiJackThis.lnk
[2011/06/19 09:52:13 | 000,143,360 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\dfsda.exe
[2011/06/19 08:51:23 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\mybot.exe
[2011/06/19 08:43:16 | 000,313,344 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\chrtmp
[2011/06/19 08:42:10 | 000,454,656 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\istealer.exe
[2011/06/16 09:44:32 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\HsTZSDw4avx.gif
[2011/06/13 21:44:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2011/06/13 21:44:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/13 21:44:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/10 01:16:23 | 000,075,360 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\199282_194504783914029_100000635271310_546977_6863575_n.jpg
[2011/05/27 01:26:15 | 000,045,202 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\room_v3.dat
[2011/03/22 21:32:43 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\room.dat
[2011/02/13 11:00:17 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/21 23:22:00 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/21 23:21:57 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/21 23:21:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/21 23:21:42 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/15 14:32:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2011/01/13 18:12:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/22 14:19:33 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/12/22 07:45:24 | 000,000,891 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/12/22 07:44:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/12/18 16:58:02 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/11 04:17:13 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\fusioncache.dat
[2010/10/12 10:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmaaaba.sys
[2010/10/11 20:21:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/14 10:04:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/15 15:44:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/16 07:56:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/15 11:41:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2010/01/13 15:09:37 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/23 02:29:58 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 13:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2009/11/06 20:51:17 | 000,657,191 | ---- | C] () -- C:\WINDOWS\Condition Zero Uninstaller.exe
[2009/11/05 14:19:15 | 000,064,440 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/11/04 21:42:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/04 17:12:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/04 17:12:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/04 17:12:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/04 17:12:20 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/04 17:12:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/04 14:56:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/04 06:04:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/04 06:01:20 | 002,092,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/03 23:22:17 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/11/03 22:20:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 22:15:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 12:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:41:26 | 000,273,856 | ---- | C] () -- C:\WINDOWS\System32\msqdpqcb.dll
[2007/01/23 20:11:20 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2006/12/31 14:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 19:00:00 | 000,443,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 19:00:00 | 000,071,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

#7
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

:Services
userinit
GarenaCIG
cFosSpeedS

:OTL
PRC - [2011/06/20 08:15:23 | 000,579,080 | ---- | M] (qKFtZijhm) -- C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
SRV - File not found [Disabled | Stopped] -- -- (userinit)
SRV - File not found [Auto | Stopped] -- -- (GarenaCIG)
SRV - File not found [Disabled | Stopped] -- -- (cFosSpeedS)
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DeathAdder] File not found
O4 - HKLM..\Run: [DeathAdderBlackEdition] File not found
O4 - HKLM..\Run: [INPProtect] File not found
O4 - HKLM..\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe (qKFtZijhm)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SycReg] File not found
O4 - HKLM..\Run: [syshost.exe] File not found
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [INPProtect] File not found
O4 - HKCU..\Run: [Java] C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe (qKFtZijhm)
O4 - HKCU..\Run: [MSWUpdate] File not found
O4 - HKCU..\Run: [svchost] File not found
O4 - HKCU..\Run: [SycReg] File not found
O4 - HKCU..\Run: [syshost.exe] File not found
O4 - HKCU..\Run: [syshostmon.exe] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\AutoRun\command - "" = F:\SysAnti.exe
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\Explore\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\Shell\Open\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\Shell\AutoRun\command - "" = tmp\winfix.exe
O33 - MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\Shell\OpEn\cOMmAnD - "" = tmp\winfix.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\AutoRun\command - "" = SysAnti.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\Explore\Command - "" = SysAnti.exe
O33 - MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\Shell\Open\Command - "" = SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\AutoRun\command - "" = F:\SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\Explore\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\Shell\Open\Command - "" = F:\SysAnti.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\AutoRun\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\explore\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\Shell\open\command - "" = thumbs_cache/instalador.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a

:files
C:\Documents and Settings\Zulkifli\Application Data\Java\
C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe
C:\tmp\winfix.exe

    
:Commands
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
PS Going to bed now.

#8
h1._.n1a

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, will try and reply tomorrow.

#9
h1._.n1a

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
This is the log from rebooting the PC after running the fix from OTL:

========== SERVICES/DRIVERS ==========
Service userinit stopped successfully!
Service userinit deleted successfully!
Service GarenaCIG stopped successfully!
Service GarenaCIG deleted successfully!
Service cFosSpeedS stopped successfully!
Service cFosSpeedS deleted successfully!
========== OTL ==========
Process Nice.exe killed successfully!
Error: No service named userinit was found to stop!
Service\Driver key userinit not found.
Error: No service named GarenaCIG was found to stop!
Service\Driver key GarenaCIG not found.
Error: No service named cFosSpeedS was found to stop!
Service\Driver key cFosSpeedS not found.
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.
C:\Program Files\Softonic-Eng7\prxtbSof2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\ deleted successfully.
File move failed. C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.
File Eng7\prxtbSof2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
File Eng7\prxtbSof2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DeathAdder deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DeathAdderBlackEdition deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\INPProtect deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SycReg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syshost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
C:\Program Files\Ares\Ares.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\INPProtect deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
File C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SycReg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syshost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syshostmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b49b0cc-f291-11de-8949-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b49b0cc-f291-11de-8949-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b49b0cc-f291-11de-8949-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b49b0cc-f291-11de-8949-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20dc7004-1138-11df-8986-00219798c855}\ not found.
File tmp\winfix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20dc7004-1138-11df-8986-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20dc7004-1138-11df-8986-00219798c855}\ not found.
File tmp\winfix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035190-eb2f-11df-8b69-00219798c855}\ not found.
File SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035190-eb2f-11df-8b69-00219798c855}\ not found.
File SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035190-eb2f-11df-8b69-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035190-eb2f-11df-8b69-00219798c855}\ not found.
File SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035191-eb2f-11df-8b69-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035191-eb2f-11df-8b69-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33035191-eb2f-11df-8b69-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33035191-eb2f-11df-8b69-00219798c855}\ not found.
File F:\SysAnti.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df4a926a-c90e-11de-88d8-00219798c855}\ not found.
File thumbs_cache/instalador.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df4a926a-c90e-11de-88d8-00219798c855}\ not found.
File thumbs_cache/instalador.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df4a926a-c90e-11de-88d8-00219798c855}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df4a926a-c90e-11de-88d8-00219798c855}\ not found.
File thumbs_cache/instalador.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Documents and Settings\Zulkifli\Application Data\Java folder moved successfully.
File\Folder C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe not found.
File\Folder C:\tmp\winfix.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.24.1 log created on 06222011_203111

Files\Folders moved on Reboot...
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll moved successfully.

Registry entries deleted on Reboot...

#10
h1._.n1a

    Member

  • Topic Starter
  • 11 posts
This is otl.txt

OTL logfile created on: 6/22/2011 8:41:09 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Zulkifli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 80.10% Memory free
5.09 Gb Paging File | 4.60 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 117.81 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
Drive D: | 270.44 Gb Total Space | 270.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: CMZUL-PC | User Name: Zulkifli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 14:12:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zulkifli\My Documents\Downloads\OTL.exe
PRC - [2011/06/14 07:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/30 20:40:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/20 19:18:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 14:12:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zulkifli\My Documents\Downloads\OTL.exe
MOD - [2011/02/22 13:57:42 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/30 20:40:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/20 19:18:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/03/03 06:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/04 23:35:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 19:18:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/01 14:34:46 | 000,009,856 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DABlack.sys -- (DABlackFltr)
DRV - [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/01 00:16:40 | 000,010,240 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VKbms.sys -- (VKbms)
DRV - [2010/09/25 12:55:46 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/06/08 17:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/22 16:30:22 | 000,222,672 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/03/17 12:26:18 | 000,974,040 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2010/02/24 15:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2007/12/12 14:35:46 | 000,212,992 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/09/20 18:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 18:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.7
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..keyword.URL: "http://malaysia.sear...type=937811&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/22 07:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 08:15:49 | 000,000,000 | ---D | M]

[2009/11/21 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Extensions
[2009/11/21 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Extensions\[email protected]
[2011/06/20 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/23 19:23:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 12:19:34 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009/11/08 04:54:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/04 22:16:19 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/06/08 11:28:50 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\searchplugins\conduit.xml
[2011/06/20 21:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/27 21:13:50 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2010/12/02 20:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/22 07:44:58 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/05/24 16:01:43 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/05/24 16:01:43 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/07/18 11:58:31 | 000,001,604 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Zulkifli\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Java = C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Zulkifli/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zulkifli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 22:18:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/30 20:29:59 | 000,000,000 | ---D | M] - D:\Auto-Joiner -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 20:31:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 17:53:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zulkifli\Recent
[2011/06/22 11:54:20 | 001,220,608 | RHS- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\yncvbc.exe
[2011/06/22 11:02:49 | 001,220,608 | RHS- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\vegfnw.exe
[2011/06/22 11:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Kerouac
[2011/06/22 11:00:06 | 001,220,608 | ---- | C] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\xsfoye.exe
[2011/06/21 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2011/06/21 21:44:29 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/06/21 21:44:29 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/06/21 21:44:29 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/06/21 21:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/06/21 21:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/20 16:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Start Menu\Programs\HiJackThis
[2011/06/20 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/06/20 15:10:36 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/06/19 10:41:09 | 000,414,223 | -H-- | C] (ICQ, LLC.) -- C:\Documents and Settings\Zulkifli\Application Data\iWin.exe
[2011/06/19 09:47:00 | 000,000,000 | ---D | C] -- C:\dir
[2011/06/19 00:37:25 | 000,159,744 | ---- | C] (67885498765567) -- C:\Documents and Settings\Zulkifli\Application Data\luydms.exe
[2011/06/17 09:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\SkypeFx
[2011/06/17 09:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\IsolatedStorage
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Zulkifli\Desktop\TDSSKiller.exe
[2011/06/13 21:59:11 | 000,009,856 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\DABlack.sys
[2011/06/13 21:59:04 | 000,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdderBlackEdition.cpl
[2011/06/13 21:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Razer
[2011/06/13 21:44:44 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/06/13 21:44:27 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2011/06/13 21:44:27 | 000,010,240 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\VKbms.sys
[2011/06/13 21:44:27 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\hidkmdf.sys
[2011/06/13 21:44:26 | 000,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdder.cpl
[2011/06/13 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2011/06/13 21:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Razer
[2011/06/13 21:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\InstallShield
[2011/06/07 19:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\ooVoo Details
[2011/05/31 08:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Desktop\Auto-Joiner
[2011/05/30 20:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Desktop\My Shared Folder
[2011/05/30 15:02:28 | 000,000,000 | ---D | C] -- C:\WinASO
[2011/05/29 14:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\go
[2011/05/29 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/05/24 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zulkifli\Application Data\Search Settings
[2011/05/24 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/24 16:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 20:35:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/22 20:35:54 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 20:35:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003UA.job
[2011/06/22 20:32:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 19:01:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 19:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule_219.job
[2011/06/22 19:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/06/22 18:56:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1005UA.job
[2011/06/22 17:42:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/22 16:50:33 | 000,045,202 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\room_v3.dat
[2011/06/22 16:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/06/22 14:31:50 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\HiJackThis.lnk
[2011/06/22 14:06:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 11:56:33 | 001,220,608 | RHS- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\yncvbc.exe
[2011/06/22 11:05:11 | 001,220,608 | RHS- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\vegfnw.exe
[2011/06/22 11:02:09 | 001,220,608 | ---- | M] (Furman) -- C:\Documents and Settings\Zulkifli\Application Data\xsfoye.exe
[2011/06/22 10:56:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1005Core.job
[2011/06/21 21:35:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003Core.job
[2011/06/21 17:22:11 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
[2011/06/20 21:41:23 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 21:41:22 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\Google Chrome.lnk
[2011/06/20 21:04:33 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Zulkifli\Desktop\TDSSKiller.exe
[2011/06/20 20:35:53 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\mybot.exe
[2011/06/20 17:21:24 | 000,414,223 | -H-- | M] (ICQ, LLC.) -- C:\Documents and Settings\Zulkifli\Application Data\iWin.exe
[2011/06/20 16:47:12 | 000,023,040 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\serve1.exe
[2011/06/20 11:04:58 | 000,313,344 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\chrtmp
[2011/06/19 09:52:26 | 000,143,360 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\dfsda.exe
[2011/06/19 08:42:37 | 000,454,656 | -H-- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\istealer.exe
[2011/06/19 00:37:36 | 000,159,744 | ---- | M] (67885498765567) -- C:\Documents and Settings\Zulkifli\Application Data\luydms.exe
[2011/06/16 11:47:14 | 000,443,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 11:47:14 | 000,071,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 10:01:32 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\HsTZSDw4avx.gif
[2011/06/15 19:04:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 19:01:17 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Zulkifli.job
[2011/06/13 21:51:25 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 21:44:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2011/06/13 21:44:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/10 01:16:44 | 000,075,360 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\199282_194504783914029_100000635271310_546977_6863575_n.jpg
[2011/06/05 22:25:12 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Desktop\Garena.lnk
[2011/05/31 06:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/25 03:06:50 | 000,046,658 | ---- | M] () -- C:\Documents and Settings\Zulkifli\Application Data\room.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 16:47:11 | 000,023,040 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\serve1.exe
[2011/06/20 16:12:53 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\HiJackThis.lnk
[2011/06/19 09:52:13 | 000,143,360 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\dfsda.exe
[2011/06/19 08:51:23 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\mybot.exe
[2011/06/19 08:43:16 | 000,313,344 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\chrtmp
[2011/06/19 08:42:10 | 000,454,656 | -H-- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\istealer.exe
[2011/06/16 09:44:32 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\HsTZSDw4avx.gif
[2011/06/13 21:44:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_VKbms_01009.Wdf
[2011/06/13 21:44:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/13 21:44:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/10 01:16:23 | 000,075,360 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Desktop\199282_194504783914029_100000635271310_546977_6863575_n.jpg
[2011/05/27 01:26:15 | 000,045,202 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\room_v3.dat
[2011/03/22 21:32:43 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Application Data\room.dat
[2011/02/13 11:00:17 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/21 23:22:00 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/21 23:21:57 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/21 23:21:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/21 23:21:42 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/15 14:32:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2011/01/13 18:12:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/22 14:19:33 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/12/22 07:45:24 | 000,000,891 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/12/22 07:44:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/12/18 16:58:02 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/11 04:17:13 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\fusioncache.dat
[2010/10/12 10:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmaaaba.sys
[2010/10/11 20:21:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/14 10:04:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/15 15:44:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/16 07:56:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/15 11:41:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2010/01/13 15:09:37 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/23 02:29:58 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Zulkifli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 13:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2009/11/06 20:51:17 | 000,657,191 | ---- | C] () -- C:\WINDOWS\Condition Zero Uninstaller.exe
[2009/11/05 14:19:15 | 000,064,440 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/11/04 21:42:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/04 17:12:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/04 17:12:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/04 17:12:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/04 17:12:20 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/04 17:12:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/04 14:56:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/04 06:04:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/04 06:01:20 | 002,092,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/03 23:22:17 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/11/03 22:20:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 22:15:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 12:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:41:26 | 000,273,856 | ---- | C] () -- C:\WINDOWS\System32\msqdpqcb.dll
[2007/01/23 20:11:20 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2006/12/31 14:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 19:00:00 | 000,443,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 19:00:00 | 000,071,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

This is Extra.txt

OTL Extras logfile created on: 6/22/2011 8:41:09 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Zulkifli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 80.10% Memory free
5.09 Gb Paging File | 4.60 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 117.81 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
Drive D: | 270.44 Gb Total Space | 270.07 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: CMZUL-PC | User Name: Zulkifli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"56623:TCP" = 56623:TCP:*:Enabled:Pando Media Booster
"56623:UDP" = 56623:UDP:*:Enabled:Pando Media Booster
"57904:TCP" = 57904:TCP:*:Enabled:Pando Media Booster
"57904:UDP" = 57904:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58075:TCP" = 58075:TCP:*:Enabled:Pando Media Booster
"58075:UDP" = 58075:UDP:*:Enabled:Pando Media Booster
"58198:TCP" = 58198:TCP:*:Enabled:Pando Media Booster
"58198:UDP" = 58198:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
"6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher
"6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Valve\Condition Zero\hl.exe" = C:\Valve\Condition Zero\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Disabled:HSUpdate
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Disabled:Patcher MFC ?? ????
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Valve\Condition Zero\hlds.exe" = C:\Valve\Condition Zero\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\HLDS\hlds.exe" = C:\HLDS\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Program Files\Left 4 Dead 2\left4dead2.exe" = C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2
"C:\Program Files\Garena beta 4.0\Garena.exe" = C:\Program Files\Garena beta 4.0\Garena.exe:*:Enabled:Garena
"C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER0.exe.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\launcher-broken.EXE" = C:\gPotato.com\Allods Online\bin\launcher-broken.EXE:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher.exe.exe" = C:\gPotato.com\Allods Online\bin\Launcher.exe.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE" = C:\gPotato.com\Allods Online\bin\LAUNCHER.EXE:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe
"C:\gPotato.com\Allods Online\bin\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe
"C:\gPotato.com\Allods Online\bin\Launcher00.exe" = C:\gPotato.com\Allods Online\bin\Launcher00.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe" = C:\gPotato.com\Allods Online\bin\bin\Launcher0.exe:*:Enabled:Allods Launcher
"C:\gPotato.com\Allods Online\bin\Launcher000.exe" = C:\gPotato.com\Allods Online\bin\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe" = C:\Program Files\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe:*:Disabled:EST! download engine
"L:\Allods Online\bin\Launcher0.exe" = L:\Allods Online\bin\Launcher0.exe:*:Enabled:Allods Launcher
"L:\Allods Online\bin\Launcher.exe" = L:\Allods Online\bin\Launcher.exe:*:Enabled:Allods Launcher
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe" = C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:Gunz
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"L:\Allods Online\BIN\Launcher000.exe" = L:\Allods Online\BIN\Launcher000.exe:*:Enabled:Allods Launcher
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju3A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\xxxwrp010yyzz\bin\javaw.exe:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju42.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju4A.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe" = C:\Documents and Settings\Zulkifli\Desktop\Wtv\wtvClient.exe:*:Enabled:wtvClient
"C:\frozen throne 1.24b\Wtv\wtvClient.exe" = C:\frozen throne 1.24b\Wtv\wtvClient.exe:*:Enabled:wtvClient -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju91.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju1B.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju13D.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\iju8C.tmp:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe" = C:\Program Files\Garena Messenger\Apps\lol\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe" = C:\Program Files\Garena Messenger\Apps\lol\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Garena Messenger\Room\garena_room.exe" = C:\Program Files\Garena Messenger\Room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe" = C:\Program Files\DFIGames\Dragonfly\Special Force\SpecialForce.exe:*:Enabled:SpecialForce
"C:\Program Files\Garena Messenger\Apps\HoN\hon.exe" = C:\Program Files\Garena Messenger\Apps\HoN\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe" = C:\Documents and Settings\Zulkifli\Application Data\winlogon.exe:*:Enabled:CityScape
"C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe" = C:\DOCUME~1\Zulkifli\LOCALS~1\Temp\MSMT84F9DH.exe:*:Enabled:Windows Messanger
"C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe" = C:\Documents and Settings\Zulkifli\Application Data\Java\Nice.exe:*:Enabled:Windows Messanger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015536C0-151E-A1DF-1E2A-150A0341DE54}" = Antivirus 2010
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06B4C5C0-05C4-49C9-9D1F-24822D86EBF5}" = SpecialForce
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}" = YouTube Downloader Toolbar v4.4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DDF83FDD-89DB-47A4-A541-DD88C52F625A}" = Razer DeathAdder Black Edition Mouse
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AMX Mod X Installer" = AMX Mod X Installer 1.8.1
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Ares" = Ares 2.1.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Condition Zero" = Condition Zero
"Defraggler" = Defraggler
"Fraps" = Fraps
"Garena" = Garena 2010
"Garena Messenger" = Garena - League of Legends
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HoN" = Garena - Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"im" = Garena Messenger
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"LimeWire" = LimeWire 5.5.16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.10.2092" = Opera 11.10
"QUICKfind" = QUICKfind server v1.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.1
"RealAlt_is1" = Real Alternative 2.0.1
"RocketDock_is1" = RocketDock 1.3.5
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"uTorrent" = µTorrent
"Warkeys" = Warkeys 1.15.3.0b
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"LotRO MIDI Player" = LotRO MIDI Player
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 4:26:19 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 9:13:06 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 8:14:39 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:50:54 PM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/20/2011 10:51:17 PM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x24017c1e.

Error - 6/21/2011 1:49:23 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:20:25 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/21/2011 4:35:59 AM | Computer Name = CMZUL-PC | Source = Application Error | ID = 1000
Description = Faulting application test.exe, version 0.0.0.0, faulting module test.exe,
version 0.0.0.0, fault address 0x000028c3.

Error - 6/21/2011 8:07:15 AM | Computer Name = CMZUL-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 6/21/2011 9:31:37 PM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:06 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2011 1:29:09 AM | Computer Name = CMZUL-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2011 1:29:12 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 2:00:22 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 5:38:50 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 8:11:34 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 6/22/2011 8:33:00 AM | Computer Name = CMZUL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >


#11
h1._.n1a

This is the log from Malwarebytes

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/23/2011 2:54:28 PM
mbam-log-2011-06-23 (14-54-28).txt

Scan type: Quick scan
Objects scanned: 157506
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{UT53BM5O-H006-I5L6-HLU4-S6Y2ME8IJSC6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{UT53BM5O-H006-I5L6-HLU4-S6Y2ME8IJSC6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Micronsoft (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Java (Trojan.Swisyn) -> Value: Java -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dir\install\install\server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\application data\dfsda.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\application data\istealer.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\application data\iWin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\application data\luydms.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\my documents\downloads\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\program files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\local settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Zulkifli\local settings\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

#12
h1._.n1a

log from Combofix

ComboFix 11-06-22.02 - Zulkifli 06/23/2011 15:25:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2850 [GMT 8:00]
Running from: c:\documents and settings\Zulkifli\My Documents\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dir
c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Zulkifli\Application Data\chrtmp
c:\documents and settings\Zulkifli\Application Data\mybot.exe
c:\documents and settings\Zulkifli\Application Data\PriceGong
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Zulkifli\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Zulkifli\Application Data\serve1.exe
c:\documents and settings\Zulkifli\Application Data\vegfnw.exe
c:\documents and settings\Zulkifli\Application Data\xsfoye.exe
c:\documents and settings\Zulkifli\Application Data\yncvbc.exe
c:\documents and settings\Zulkifli\WINDOWS
c:\program files\Shared
c:\windows\system32\drivers\vbmaaaba.sys
.
----- BITS: Possible infected sites -----
.
hxxp://apnmedia.ask.com
hxxp://armmf.adobe.c
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vbmaaaba
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 06:48 . 2011-06-23 06:48 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\Malwarebytes
2011-06-23 06:48 . 2011-05-29 01:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 06:48 . 2011-06-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-23 06:48 . 2011-06-23 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 06:48 . 2011-05-29 01:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 12:31 . 2011-06-22 12:31 -------- d-----w- C:\_OTL
2011-06-22 03:02 . 2011-06-22 05:39 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\Kerouac
2011-06-20 08:12 . 2011-06-20 08:12 388096 ----a-r- c:\documents and settings\Zulkifli\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-20 07:10 . 2011-06-20 07:10 -------- d-----w- C:\!KillBox
2011-06-17 01:20 . 2011-06-17 01:20 -------- d-----w- c:\documents and settings\Zulkifli\Local Settings\Application Data\SkypeFx
2011-06-17 01:20 . 2011-06-17 01:20 -------- d-----w- c:\documents and settings\Zulkifli\Local Settings\Application Data\IsolatedStorage
2011-06-17 00:15 . 2011-06-07 04:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-13 13:59 . 2010-12-01 06:34 9856 ----a-w- c:\windows\system32\drivers\DABlack.sys
2011-06-13 13:59 . 2010-11-25 09:30 73728 ----a-w- c:\windows\system32\DeathAdderBlackEdition.cpl
2011-06-13 13:47 . 2011-06-13 13:47 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\Razer
2011-06-13 13:44 . 2008-11-07 10:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-06-13 13:44 . 2010-09-30 16:16 10240 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-06-13 13:44 . 2010-09-25 04:55 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-06-13 13:44 . 2009-07-14 20:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-13 13:44 . 2011-06-20 13:55 -------- d-----w- c:\program files\Razer
2011-06-13 13:44 . 2006-11-22 21:55 73728 ----a-w- c:\windows\system32\DeathAdder.cpl
2011-06-13 13:44 . 2011-06-13 13:44 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\InstallShield
2011-06-07 11:08 . 2011-06-07 11:08 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\ooVoo Details
2011-05-30 07:02 . 2011-01-02 20:25 -------- d-----w- C:\WinASO
2011-05-29 06:40 . 2011-06-23 03:02 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\go
2011-05-29 06:40 . 2011-06-23 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-05-24 08:01 . 2011-05-24 08:01 -------- d-----w- c:\documents and settings\Zulkifli\Application Data\Search Settings
2011-05-24 08:01 . 2011-05-24 08:01 -------- d-----w- c:\program files\Application Updater
2011-05-24 08:01 . 2011-05-24 08:01 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 13:12 . 2008-04-13 23:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-05-20 00:46 . 2011-05-20 00:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31 . 2009-11-03 14:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-13 23:07 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 23:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 11:18 . 2010-12-19 13:13 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-12-20 7151616]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Zulkifli\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-26 245248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Zulkifli^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=c:\windows\pss\Warkeys Update.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaCIG
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaMessenger]
2011-05-24 10:28 4382552 ----a-w- c:\program files\Garena Messenger\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-15 03:51 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"szserver"=2 (0x2)
"YahooAUService"=2 (0x2)
"userinit"=2 (0x2)
"cFosSpeedS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Valve\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Valve\\Condition Zero\\hlds.exe"=
"c:\\HLDS\\hlds.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\frozen throne 1.24b\\Wtv\\wtvClient.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Garena Messenger\\Apps\\lol\\Air\\LolClient.exe"=
"c:\\Program Files\\Garena Messenger\\Apps\\lol\\Game\\League of Legends.exe"=
"c:\\Program Files\\Garena Messenger\\Room\\garena_room.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Garena Messenger\\Apps\\HoN\\hon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"56623:TCP"= 56623:TCP:Pando Media Booster
"56623:UDP"= 56623:UDP:Pando Media Booster
"57904:TCP"= 57904:TCP:Pando Media Booster
"57904:UDP"= 57904:UDP:Pando Media Booster
"58075:TCP"= 58075:TCP:Pando Media Booster
"58075:UDP"= 58075:UDP:Pando Media Booster
"58198:TCP"= 58198:TCP:Pando Media Booster
"58198:UDP"= 58198:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2/24/2010 3:06 PM 173328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/19/2010 9:13 PM 136360]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [5/6/2011 5:33 PM 393112]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [7/3/2010 11:16 AM 632792]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [6/13/2011 9:44 PM 6656]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [6/13/2011 9:44 PM 10240]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2010 10:33 AM 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/18/2010 4:58 PM 1691480]
S3 DABlackFltr;DeathAdder Black Edition;c:\windows\system32\drivers\DABlack.sys [6/13/2011 9:59 PM 9856]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Zulkifli\LOCALS~1\Temp\YZG396.tmp --> c:\docume~1\Zulkifli\LOCALS~1\Temp\YZG396.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2010 10:33 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/23/2011 2:48 PM 39984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [11/7/2009 12:42 AM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [11/7/2009 12:42 AM 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/3/2009 10:41 PM 212992]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 02:33]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 02:33]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003Core.job
- c:\documents and settings\Zulkifli\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-20 09:55]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1220945662-1417001333-1003UA.job
- c:\documents and settings\Zulkifli\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-20 09:55]
.
2011-06-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.flashget.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23EE5872-0EBC-4A21-844C-A29646C0B772}: NameServer = 202.188.0.133 202.188.1.5
FF - ProfilePath - c:\documents and settings\Zulkifli\Application Data\Mozilla\Firefox\Profiles\f2nftlk7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-25819098.sys
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
HKLM_ActiveSetup-{C3B9F9DA-7A2F-D1AB-DFB2-E2AFD86BB26E} - c:\documents and settings\Zulkifli\Application Data\Java\Nice.exe
AddRemove-LotRO MIDI Player - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Zulkifli\LOCALS~1\Temp\YZG396.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1220945662-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,38,dc,ac,76,7e,f2,48,bc,09,cc,c6,a8,93,19,ca,7b,3e,01,05,71,26,5f,
2d,89,c9,29,4d,3f,14,37,15,d7,74,5f,3e,4f,f8,1e,97,c9,76,06,1f,e5,81,30,dc,\
"??"=hex:c7,01,43,df,55,c0,0c,b6,7d,87,3c,d4,55,a1,45,f4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-06-23 15:37:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 07:37
.
Pre-Run: 126,158,569,472 bytes free
Post-Run: 126,128,562,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - C3A95D09FFEEE2E1FBAE814D600A5B88

#13
h1._.n1a

    Member

  • Topic Starter
  • 11 posts
Only the Fix MBR is enabled but the Fix button is not enabled. Here is the log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-23 15:41:07
-----------------------------
15:41:07.906 OS Version: Windows 5.1.2600 Service Pack 3
15:41:07.906 Number of processors: 2 586 0x407
15:41:07.906 ComputerName: CMZUL-PC UserName: Zulkifli
15:41:08.484 Initialize success
15:41:24.750 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f
15:41:24.750 Disk 0 Vendor: HDS728080PLA380 PF2OA60A Size: 78533MB BusType: 3
15:41:24.750 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-17
15:41:24.750 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
15:41:26.765 Disk 1 MBR read successfully
15:41:26.765 Disk 1 MBR scan
15:41:26.765 Disk 1 Windows XP default MBR code
15:41:28.765 Disk 1 scanning sectors +976752000
15:41:28.796 Disk 1 scanning C:\WINDOWS\system32\drivers
15:41:34.546 Service scanning
15:41:35.406 Disk 1 trace - called modules:
15:41:35.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:41:35.437 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ae08ab8]
15:41:35.437 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000073[0x8aef3318]
15:41:35.437 5 ACPI.sys[f74e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-17[0x8aed7030]
15:41:35.437 Scan finished successfully
15:42:05.484 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Zulkifli\My Documents\Downloads\MBR.dat"
15:42:05.484 The log file has been saved successfully to "C:\Documents and Settings\Zulkifli\My Documents\Downloads\aswMBR.txt"

#14
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
Your logs look clean now. Any problems?

If not: We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab which will remove the program and its backups of malware along with some of our other tools (though not aswMBR).

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#15
h1._.n1a

    Member

  • Topic Starter
  • 11 posts
My computer has no problem already. Thank you very much for your help. BTW, is cleaning system important?