More svhost in my processes
#1 rhomel (Member, 90 posts)
Slow startup, and sometimes the OS needs the Windows XP SP3 installer CD because of an error in explorer.

[Attached screenshot: untitled.JPG]

OTL logfile created on: 2/12/2012 10:13:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 413.50 Mb Available Physical Memory | 40.40% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 74.85% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 7.35 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 17.76 Gb Total Space | 9.20 Gb Free Space | 51.78% Space Free | Partition Type: NTFS

Computer Name: RHOMEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\My Documents\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Bluetooth XP Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files\PetanDrive\dokan\mounter.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12021200\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12021101\algo.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avutil-51.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avformat-53.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avcodec-53.dll ()
MOD - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll ()
MOD - C:\Program Files\PetanDrive\dokan\mounter.exe ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth XP Suite\Ath_CoexAgent.exe (Atheros)
SRV - (DokanMounter) -- C:\Program Files\PetanDrive\dokan\mounter.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (btfilter) -- C:\WINDOWS\system32\drivers\btfilter.sys (Atheros)
DRV - (BTATHUSB) -- C:\WINDOWS\system32\drivers\btathusb.sys (Atheros)
DRV - (btathspp) -- C:\WINDOWS\system32\drivers\btathspp.sys (Atheros)
DRV - (Atheros_btAudio) -- C:\WINDOWS\system32\drivers\btathsco.sys (Atheros)
DRV - (btathrcp) -- C:\WINDOWS\system32\drivers\btathrcp.sys (Atheros)
DRV - (BTATHPROT) -- C:\WINDOWS\system32\drivers\btathprot.sys (Atheros)
DRV - (btathPan) -- C:\WINDOWS\system32\drivers\btathpan.sys (Atheros)
DRV - (btatha2dp) -- C:\WINDOWS\system32\drivers\btatha2dp.sys (Atheros)
DRV - (Dokan) -- C:\WINDOWS\system32\drivers\dokan.sys (Windows ® Win 7 DDK provider)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 2F 1A 46 87 DC CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.google.co...earch?hl=en&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/08 22:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/03 18:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5 [2012/01/01 11:30:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5 [2012/01/01 11:30:08 | 000,000,000 | ---D | M]

[2011/11/25 22:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/01/28 00:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpj9fd78.default\extensions
[2012/01/26 17:52:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpj9fd78.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/28 00:16:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpj9fd78.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/03 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/01 11:30:08 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\IDM\IDMMZCC5
[2011/12/08 22:06:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/25 02:19:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/04 06:18:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/03 18:46:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/13 21:27:57 | 006,179,767 | ---- | M] () -- C:\Program Files\mozilla firefox\components\scbypassv64.dll
[2011/12/24 00:53:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/15 01:14:32 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/24 00:53:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Mac OS X Simple Theme = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: YouTube Enhancer = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmgegjjnjebkemeciiceihndnkamgpih\1.0_0\
CHR - Extension: VideoBB Video Unlimiter = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhidmoipgfngjclhdlocgencfklfjchg\1.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.0.6_0\
CHR - Extension: MegaSkipper = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.64_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/12 12:04:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31C0E6B-FCAF-4FDB-8511-2E7FDB773D52}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 07:54:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 13:00:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\syntaxerror00100
[2012/02/12 01:57:20 | 000,103,936 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012/02/12 01:57:20 | 000,103,936 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmeaext.sys
[2012/02/12 01:57:20 | 000,103,936 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012/02/12 01:57:20 | 000,103,936 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012/02/11 21:23:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/09 02:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Garena
[2012/02/09 00:54:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/08 21:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Atheros
[2012/02/08 00:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\BMExplorer
[2012/02/08 00:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Bluetooth Exchange Folder
[2012/02/08 00:34:08 | 000,663,328 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathprot.sys
[2012/02/08 00:34:08 | 000,244,768 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btfilter.sys
[2012/02/08 00:34:08 | 000,079,008 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathusb.sys
[2012/02/08 00:34:08 | 000,047,264 | ---- | C] (Atheros) -- C:\WINDOWS\System32\btathci.dll
[2012/02/08 00:34:07 | 000,085,152 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathspp.sys
[2012/02/08 00:34:07 | 000,029,856 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathsco.sys
[2012/02/08 00:34:06 | 000,036,384 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathpan.sys
[2012/02/08 00:34:06 | 000,013,344 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btathrcp.sys
[2012/02/08 00:34:02 | 000,074,912 | ---- | C] (Atheros) -- C:\WINDOWS\System32\drivers\btatha2dp.sys
[2012/02/08 00:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bluetooth Suite
[2012/02/08 00:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
[2012/02/08 00:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bluetooth XP Suite
[2012/02/07 22:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Beyluxe
[2012/02/07 22:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Beyluxe Received Files
[2012/02/07 22:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Beyluxe Messenger
[2012/02/07 22:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Beyluxe Messenger
[2012/02/06 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/06 19:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/05 23:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Cain
[2012/02/05 14:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Intel
[2012/02/05 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Temp
[2012/02/05 11:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Samsung
[2012/02/05 11:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2012/02/05 11:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\samsung
[2012/02/05 11:43:56 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudserd.sys
[2012/02/05 11:43:55 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudobex.sys
[2012/02/05 11:43:52 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2012/02/05 11:43:51 | 000,080,184 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2012/02/05 11:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/02/05 11:40:19 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/02/05 11:39:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/02/05 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/02/05 11:39:42 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/02/05 11:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/05 11:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2012/01/23 22:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CherlesCanopytool
[2012/01/23 22:19:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Cherles00100
[2012/01/23 22:18:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CherlesCanopyTool
[2012/01/19 01:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/01/19 01:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2012/01/16 21:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2012/01/14 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\JeS_Consultancy

========== Files - Modified Within 30 Days ==========

[2012/02/12 22:26:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{221737F7-2BBA-4B46-B3F2-4232F6D43D01}.job
[2012/02/12 22:10:31 | 000,102,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.JPG
[2012/02/12 22:03:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-813497703-842925246-1003UA.job
[2012/02/12 21:54:15 | 000,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/12 21:52:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/12 21:52:30 | 1073,254,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 12:04:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/12 00:37:58 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/11 21:53:57 | 003,715,904 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ROM-Toolbox-Pro-v4.5.0-offline-need-approb.com.apk
[2012/02/11 19:30:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\StartupSlowFix Schedule.job
[2012/02/11 03:26:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Owner\bmarchive.bms
[2012/02/10 22:30:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 08:04:14 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-813497703-842925246-1003Core.job
[2012/02/09 02:03:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\room_v3.dat
[2012/02/09 02:01:35 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Garena Classic.lnk
[2012/02/09 01:15:46 | 000,045,901 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mission.JPG
[2012/02/09 00:54:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/08 23:43:36 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 19:30:23 | 000,812,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\elecengrterms.pdf
[2012/02/08 00:40:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_btathspp_01005.Wdf
[2012/02/08 00:35:37 | 000,505,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/08 00:35:37 | 000,088,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/08 00:34:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_btathprot_01005.Wdf
[2012/02/08 00:33:19 | 000,001,242 | ---- | M] () -- C:\WINDOWS\System32\drivers\ramps_0x01020200_40_0x01.dfu
[2012/02/08 00:33:19 | 000,001,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\ramps_0x01020200_40_0x02.dfu
[2012/02/08 00:33:19 | 000,001,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\ramps_0x01020200_40.dfu
[2012/02/08 00:33:19 | 000,001,198 | ---- | M] () -- C:\WINDOWS\System32\drivers\ramps_0x01020200_26.dfu
[2012/02/08 00:33:18 | 000,246,804 | ---- | M] () -- C:\WINDOWS\System32\drivers\AtherosBt.bin
[2012/02/06 19:14:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/05 23:48:56 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cain.lnk
[2012/02/05 16:05:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/05 12:26:03 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MultiLoader v.5.65 - by taylorh(www.corby2downloads.com).exe
[2012/02/05 11:55:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/05 11:44:20 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/05 11:40:26 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/30 20:23:02 | 000,053,154 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\407007_281713938555682_100001512341416_740577_1193551095_n.jpg
[2012/01/26 18:48:06 | 000,104,072 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2012/01/22 02:08:00 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GarenaMaster_Full.lnk
[2012/01/19 01:38:50 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

========== Files Created - No Company Name ==========

[2012/02/12 22:10:31 | 000,102,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.JPG
[2012/02/12 00:37:58 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/11 21:53:30 | 003,715,904 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ROM-Toolbox-Pro-v4.5.0-offline-need-approb.com.apk
[2012/02/09 02:01:35 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Garena Classic.lnk
[2012/02/09 01:15:46 | 000,045,901 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mission.JPG
[2012/02/08 19:30:23 | 000,812,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\elecengrterms.pdf
[2012/02/08 00:40:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_btathspp_01005.Wdf
[2012/02/08 00:39:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Owner\bmarchive.bms
[2012/02/08 00:34:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_btathprot_01005.Wdf
[2012/02/06 22:41:11 | 000,193,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/06 19:07:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/05 23:48:56 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cain.lnk
[2012/02/05 21:52:31 | 000,337,842 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-813497703-842925246-1003-0.dat
[2012/02/05 21:52:23 | 000,337,842 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/05 16:05:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/05 12:26:03 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MultiLoader v.5.65 - by taylorh(www.corby2downloads.com).exe
[2012/02/05 11:44:20 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/05 11:40:26 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/30 20:23:05 | 000,053,154 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\407007_281713938555682_100001512341416_740577_1193551095_n.jpg
[2012/01/22 02:08:00 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GarenaMaster_Full.lnk
[2012/01/19 01:38:50 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/01 15:25:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/12/13 05:27:07 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\M2PD.ini
[2011/11/26 02:05:35 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\room_v3.dat
[2011/11/25 22:09:16 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/25 22:09:16 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/11/25 22:08:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011/11/25 22:06:48 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/11/10 18:06:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/11/09 09:05:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011/11/09 08:48:54 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 07:55:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 07:50:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 01:42:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 01:38:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/09/19 16:36:56 | 000,246,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\AtherosBt.bin
[2011/07/19 00:32:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2010/06/25 11:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/02/22 07:30:02 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2010/02/22 07:30:02 | 000,414,208 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2010/02/22 07:30:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/04/20 12:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/05/16 12:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 12:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 12:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 12:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 12:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 12:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 12:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 12:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 12:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,505,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/08 22:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/09 14:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012/02/03 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2012/01/20 23:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2011/12/08 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/02/05 11:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/11/25 22:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/12/10 07:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/12/02 13:54:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/02/07 22:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Beyluxe
[2012/02/12 22:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2012/01/24 23:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2011/11/09 08:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2012/01/20 23:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GarenaPlus
[2011/12/30 08:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2012/02/11 21:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2011/12/08 22:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2012/02/08 23:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\petanDrive
[2012/02/05 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2011/11/25 23:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2011/12/12 02:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spiritsoft
[2011/11/29 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2011/12/25 17:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2012/02/05 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
[2011/12/02 14:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/02/09 21:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/11/25 20:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wireshark
[2012/02/11 19:30:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\StartupSlowFix Schedule.job
[2012/02/12 22:26:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{221737F7-2BBA-4B46-B3F2-4232F6D43D01}.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 2/12/2012 10:13:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 413.50 Mb Available Physical Memory | 40.40% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 74.85% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 7.35 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 17.76 Gb Total Space | 9.20 Gb Free Space | 51.78% Space Free | Partition Type: NTFS

Computer Name: RHOMEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Garena Classic\Garena.exe" = D:\Garena Classic\Garena.exe:*:Enabled:Garena Classic -- (Garena Online PTE LTD)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28B0F39B-C0C6-4CC5-902B-9BF20111804C}" = Bluetooth XP Suite
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-385C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EB1BE39D-4C36-40A0-8CFB-079A2D14CB79}" = Windows Genuine Advantage Validation 1.9.42.0 Cracked
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"Beyluxe Messenger1" = Beyluxe Messenger
"Cain & Abel v4.9.43" = Cain & Abel v4.9.43
"CCleaner" = CCleaner
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"CNXT_MODEM_PCI" = SoftV92 Data Fax Modem
"FileZilla Client" = FileZilla Client 3.5.2
"Foxit Reader" = Foxit Reader
"Garena Classic 2011" = Garena Classic 2011
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"im" = Garena Plus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Internet Download Manager" = Internet Download Manager
"iolo Memory Mechanic_is1" = iolo Memory Mechanic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Network Updater" = Network Updater
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PetanDrive" = PetaNDrive 1.3.2
"Puran Defrag_is1" = Puran Defrag 7.3
"StartupSlowFix_is1" = StartupSlowFix 3.9
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Doctor 2.7.1_is1" = Windows Doctor 2.7.1
"WinPcapInst" = WinPcap 4.1.2
"winusb0100" = Microsoft WinUsb 1.0
"Wireshark" = Wireshark 1.6.4
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 11:52:26 PM | Computer Name = RHOMEL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module bmvfplugin.dll, version 7.3.0.130, fault address 0x0003c18c.

Error - 2/11/2012 5:26:10 AM | Computer Name = RHOMEL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module bmvfplugin.dll, version 7.3.0.130, fault address 0x0003c18c.

Error - 2/11/2012 5:26:42 AM | Computer Name = RHOMEL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module bmvfplugin.dll, version 7.3.0.130, fault address 0x0003c18c.

Error - 2/12/2012 2:14:04 PM | Computer Name = RHOMEL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

[ System Events ]
Error - 2/11/2012 10:07:51 PM | Computer Name = RHOMEL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.255.222 for the Network Card with network
address 0022B095943A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/11/2012 10:10:31 PM | Computer Name = RHOMEL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 0022B095943A has been denied by the DHCP server 192.168.224.1 (The DHCP
Server sent a DHCPNACK message).

Error - 2/11/2012 11:33:06 PM | Computer Name = RHOMEL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.229.253 for the Network Card with network
address AACCBBDDFFEE has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/12/2012 2:40:13 AM | Computer Name = RHOMEL | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 2/12/2012 4:48:26 AM | Computer Name = RHOMEL | Source = Service Control Manager | ID = 7034
Description = The DokanMounter service terminated unexpectedly. It has done this
1 time(s).

Error - 2/12/2012 2:02:09 PM | Computer Name = RHOMEL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2/12/2012 2:03:40 PM | Computer Name = RHOMEL | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 2/12/2012 2:20:44 PM | Computer Name = RHOMEL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address AACCBBDDFFEE has been denied by the DHCP server 192.168.224.1 (The DHCP
Server sent a DHCPNACK message).

Error - 2/12/2012 11:52:46 PM | Computer Name = RHOMEL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.229.253 for the Network Card with network
address AACCBBDDFFEE has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/12/2012 11:54:20 PM | Computer Name = RHOMEL | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083


< End of report >
#2 rhomel (Topic Starter)
Last night I used ComboFix.


ComboFix 12-02-11.02 - Owner 02/12/2012 2:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1023.644 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\documents and settings\All Users\Application Data\Update 9-16-11.exe
c:\documents and settings\Owner\Application Data\ShareCash Downloader v2.0.exe
c:\documents and settings\Owner\Application Data\ubot
c:\documents and settings\Owner\Local Settings\temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
d:\beyluxe messenger\Beyluxe Messenger.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0
-------\Service_1
-------\Service_10
-------\Service_5
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 07:57 . 2009-01-06 23:14 103936 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-02-12 07:57 . 2009-01-06 23:14 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2012-02-12 07:57 . 2009-01-06 23:14 103936 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-02-12 07:57 . 2009-01-06 23:14 103936 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-02-12 07:56 . 2012-02-12 07:57 -------- d-----w- c:\windows\system32\SupportAppXL
2012-02-09 06:54 . 2012-02-09 06:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-09 03:49 . 2012-02-10 01:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Atheros
2012-02-08 06:40 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-02-08 06:40 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-02-08 06:39 . 2012-02-08 06:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BMExplorer
2012-02-08 06:34 . 2011-09-19 22:54 1415328 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-02-08 06:34 . 2011-09-19 22:53 244768 ----a-w- c:\windows\system32\drivers\btfilter.sys
2012-02-08 06:34 . 2011-09-19 22:53 79008 ----a-w- c:\windows\system32\drivers\btathusb.sys
2012-02-08 06:34 . 2011-09-19 22:52 663328 ----a-w- c:\windows\system32\drivers\btathprot.sys
2012-02-08 06:34 . 2011-09-19 22:51 47264 ----a-w- c:\windows\system32\btathci.dll
2012-02-08 06:34 . 2011-09-19 22:53 85152 ----a-w- c:\windows\system32\drivers\btathspp.sys
2012-02-08 06:34 . 2011-09-19 22:53 29856 ----a-w- c:\windows\system32\drivers\btathsco.sys
2012-02-08 06:34 . 2011-09-19 22:52 13344 ----a-w- c:\windows\system32\drivers\btathrcp.sys
2012-02-08 06:34 . 2011-09-19 22:52 36384 ----a-w- c:\windows\system32\drivers\btathpan.sys
2012-02-08 06:34 . 2011-09-19 22:51 74912 ----a-w- c:\windows\system32\drivers\btatha2dp.sys
2012-02-08 06:33 . 2012-02-08 06:33 -------- d-----w- c:\program files\Common Files\Atheros
2012-02-08 06:31 . 2012-02-08 06:33 -------- d-----w- c:\program files\Bluetooth XP Suite
2012-02-08 04:51 . 2012-02-08 04:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Beyluxe
2012-02-08 04:47 . 2012-02-08 04:47 -------- d-----w- c:\windows\Beyluxe Messenger
2012-02-07 01:07 . 2012-02-07 01:14 -------- d-----w- c:\program files\CCleaner
2012-02-05 20:53 . 2012-02-05 20:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Intel
2012-02-05 17:59 . 2012-02-05 17:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Temp
2012-02-05 17:45 . 2012-02-05 17:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Samsung
2012-02-05 17:45 . 2012-02-05 17:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Samsung
2012-02-05 17:43 . 2011-12-08 04:22 181432 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2012-02-05 17:43 . 2011-12-08 04:22 181432 ----a-w- c:\windows\system32\drivers\ssudobex.sys
2012-02-05 17:43 . 2011-12-08 04:22 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-02-05 17:43 . 2011-12-08 04:22 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-05 17:40 . 2011-12-24 02:58 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-02-05 17:39 . 2012-02-05 17:39 -------- d-----w- c:\program files\MarkAny
2012-02-05 17:39 . 2011-12-24 02:58 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-02-05 17:39 . 2011-12-24 02:58 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-02-05 17:37 . 2012-02-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2012-02-05 17:35 . 2012-02-05 17:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2012-02-05 17:02 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-05 17:02 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-05 17:02 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-02-05 17:02 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-01-24 04:20 . 2012-01-24 04:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CherlesCanopytool
2012-01-24 04:19 . 2012-01-24 04:19 -------- d--h--w- c:\windows\Cherles00100
2012-01-24 04:18 . 2012-01-24 04:18 -------- d--h--w- c:\windows\CherlesCanopyTool
2012-01-19 07:38 . 2012-01-24 14:09 -------- d-----w- c:\program files\uTorrent
2012-01-19 07:38 . 2012-02-10 03:38 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2012-01-17 03:53 . 2012-01-17 06:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2012-01-14 14:27 . 2012-01-14 14:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\JeS_Consultancy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:33 . 2011-09-19 22:36 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-27 00:48 . 2010-12-23 19:00 104072 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-12-25 08:19 . 2011-12-25 08:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-25 08:19 . 2011-11-09 13:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-24 02:58 . 2011-12-24 02:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-24 02:58 . 2011-12-24 02:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-24 02:58 . 2011-12-24 02:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-24 02:58 . 2011-12-24 02:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-24 02:58 . 2011-12-24 02:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-24 02:58 . 2011-12-24 02:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-24 02:58 . 2011-12-24 02:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-24 02:58 . 2011-12-24 02:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-24 02:58 . 2011-12-24 02:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-24 02:58 . 2011-12-24 02:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-24 02:58 . 2011-12-24 02:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-24 02:58 . 2011-12-24 02:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-24 02:58 . 2011-12-24 02:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-24 02:58 . 2011-12-24 02:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-24 02:58 . 2011-12-24 02:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-24 02:58 . 2011-12-24 02:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-24 02:58 . 2011-12-24 02:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-24 02:58 . 2011-12-24 02:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-24 02:58 . 2011-12-24 02:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-24 02:58 . 2011-12-24 02:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-24 02:58 . 2011-12-24 02:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-24 02:58 . 2011-12-24 02:58 172032 ----a-w- c:\windows\system32\muzapp.exe
2011-12-24 02:58 . 2011-12-24 02:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-24 02:58 . 2011-12-24 02:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-24 02:58 . 2011-12-24 02:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-24 02:58 . 2011-12-24 02:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-24 02:58 . 2011-12-24 02:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-24 02:58 . 2011-12-24 02:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-24 02:58 . 2011-12-24 02:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-24 02:58 . 2011-12-24 02:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-24 02:58 . 2011-11-26 06:29 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-12-13 01:20 . 2011-11-26 05:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 07:51 . 2011-12-11 07:51 81920 ----a-w- c:\windows\system32\vpncmd.exe
2011-12-10 21:24 . 2011-11-26 07:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 20:03 . 2011-12-01 05:15 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-09 20:02 . 2011-12-07 01:42 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-09 20:02 . 2011-11-09 13:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-28 18:01 . 2011-12-09 04:06 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-09 04:06 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-09 04:06 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-09 04:06 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-09 04:06 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-09 04:06 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-09 04:06 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-09 04:06 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-09 04:06 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-09 04:06 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-09 04:06 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-09 04:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-09 04:06 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-23 18:45 . 2011-12-09 19:59 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-02-04 00:46 . 2011-12-24 06:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-14 03:27 . 2011-12-12 01:45 6179767 ----a-w- c:\program files\mozilla firefox\components\scbypassv64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-02-06 3462552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PetanDrive.lnk]
backup=c:\windows\pss\PetanDrive.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^USB_Disk_Eject.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\USB_Disk_Eject.exe
backup=c:\windows\pss\USB_Disk_Eject.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urlspace
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtXpStack]
2011-09-19 22:48 2186400 ----a-w- c:\program files\Bluetooth XP Suite\BluetoothSuit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 21:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 20:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 14:22 1089536 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 23:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-10 13:53 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 01:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-12-28 05:21 937360 ----a-w- d:\kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-12-28 05:21 21392 ----a-w- d:\kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-12-28 05:21 3508624 ----a-w- d:\kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 23:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-11-24 05:05 6497592 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 18:31 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 20:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 01:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 15:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"d:\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [12/8/2011 10:06 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [12/8/2011 10:06 PM 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [12/8/2011 10:06 PM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/8/2011 10:06 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2011 10:06 PM 314456]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/23/2010 1:00 PM 104072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2011 10:06 PM 20568]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [7/19/2011 12:32 AM 91904]
R2 DokanMounter;DokanMounter;c:\program files\PetanDrive\dokan\mounter.exe [7/19/2011 12:32 AM 25088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/26/2011 1:04 AM 652872]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 11:07 AM 35088]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth XP Suite\Ath_CoexAgent.exe [9/19/2011 5:45 PM 158880]
R3 Atheros_btAudio;Bluetooth Virtual SCO Driver;c:\windows\system32\drivers\btathsco.sys [2/8/2012 12:34 AM 29856]
R3 btatha2dp;Bluetooth A2DP Audio Device Driver;c:\windows\system32\drivers\btatha2dp.sys [2/8/2012 12:34 AM 74912]
R3 BTATHPROT;General Bluetooth Filter;c:\windows\system32\drivers\btathprot.sys [2/8/2012 12:34 AM 663328]
R3 btathrcp;Bluetooth AVRCP Target Device;c:\windows\system32\drivers\btathrcp.sys [2/8/2012 12:34 AM 13344]
R3 btathspp;Bluetooth Serial Port Device;c:\windows\system32\drivers\btathspp.sys [2/8/2012 12:34 AM 85152]
R3 BTATHUSB;General Bluetooth Device;c:\windows\system32\drivers\btathusb.sys [2/8/2012 12:34 AM 79008]
R3 btfilter;General Bluetooth Filter ss;c:\windows\system32\drivers\btfilter.sys [2/8/2012 12:34 AM 244768]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/26/2011 1:04 AM 20464]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [12/8/2011 10:06 PM 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [11/9/2011 9:05 AM 8192]
S3 btathPan;Bluetooth PAN Miniport Device;c:\windows\system32\drivers\btathpan.sys [2/8/2012 12:34 AM 36384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2/5/2012 11:43 AM 80184]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/9/2012 12:54 AM 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2/5/2012 11:43 AM 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2/5/2012 11:43 AM 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2/5/2012 11:43 AM 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [1/5/2012 12:23 AM 233472]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-813497703-842925246-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 13:53]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-813497703-842925246-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 13:53]
.
2012-02-12 c:\windows\Tasks\StartupSlowFix Schedule.job
- c:\program files\StartupSlowFix\StartupSlowFix.exe [2011-12-10 01:49]
.
2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{221737F7-2BBA-4B46-B3F2-4232F6D43D01}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = ftp://169.254.1.1/
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpj9fd78.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BeyluxeMessenger - d:\beyluxe messenger\Beyluxe Messenger.exe
MSConfigStartUp-Megakey - c:\documents and settings\Owner\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe
MSConfigStartUp-MegakeyUpdater - c:\documents and settings\Owner\Local Settings\Application Data\Megamedia\Megakey\MegakeyUpdater.exe
AddRemove-01_Simmental - d:\usb drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\usb drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\usb drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\usb drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\usb drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\usb drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\usb drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\usb drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\usb drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\usb drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\usb drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\usb drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\usb drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\usb drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\usb drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\usb drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\usb drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\usb drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\usb drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{41fe86fd-90c8-4022-8a89-b764c063c2f8}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d1,b4,22,08,85,33,ed,bf,f4,a9,5c,94,04,88,a1,71,9e,05,06,05,7f,
96,74,dd,ed,6e,87,24,76,3b,0d,13,23,4a,b9,39,d5,d1,31,32,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):54,29,61,b8,27,12,ef,f6,d8,c0,c8,72,32,b9,2e,10,ad,a4,ee,0c,6f,
85,2c,0d,62,cd,de,3e,8a,d1,b6,0b,f7,d9,41,29,d7,72,53,67,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff2d9165-22dd-42ac-b15e-4a272c90246f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001c
"Therad"=dword:0000001e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(1392)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-02-12 12:09:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 18:09
.
Pre-Run: 6,281,060,352 bytes free
Post-Run: 6,141,775,872 bytes free
.
- - End Of File - - 771B843E9C4CA8C51D65229E48847D47
#3
rhomel (Topic Starter, Member, 90 posts)
Can anyone help me?