Author Topic: Email automated vacation replies  (Read 479 times)

Offline jayyap

Email automated vacation replies
« on: April 25, 2009, 11:39:16 AM »
Sir, I'm not sure what is happening to my email. It suddenly changed my settings and activated the "automated vacation replies", along with a message too.
I'm 100% sure that it was not done by me.
Is my computer attacked by a virus or spyware?

Offline guestolo

Email automated vacation replies
« Reply #1 on: April 25, 2009, 11:51:39 AM »
Download the HijackThis Installer from HERE
For an alternate download location, you can try HERE
Save it to your desktop
Double-click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and paste the whole log back here to the forum. It is all important!

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jayyap

Email automated vacation replies
« Reply #2 on: April 25, 2009, 12:38:23 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:05 AM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\jay yap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\xunlei\ComDlls\TDAtOnce_Now.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\xunlei\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jay yap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - E:\xunlei\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - E:\xunlei\Program\getallurl.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\xunlei\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\xunlei\Thunder.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10741 bytes

Offline guestolo

Email automated vacation replies
« Reply #3 on: April 25, 2009, 02:38:55 PM »
That doesn't show anything.
Can you do the following?

Download Rooter.exe to your desktop

    * Then double-click it to start the tool
    * A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

Download OTListIt2 by OldTimer to your Desktop.
  • Close all windows and double-click OTListIt2.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Offline jayyap

Email automated vacation replies
« Reply #4 on: April 26, 2009, 03:16:07 AM »
Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:39997 Mo/Free:978 Mo)
D:\ [Fixed] - NTFS - (Total:112619 Mo/Free:4042 Mo)
E:\ [Fixed] - NTFS - (Total:39997 Mo/Free:2705 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Fixed] - NTFS - (Total:76308 Mo/Free:3442 Mo)
H:\ [Fixed] - NTFS - (Total:74465 Mo/Free:1041 Mo)
S:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/26/2009|16:06

----------------------\\  Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\WgaTray.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
---------- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
---------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
---------- C:\Documents and Settings\jay yap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
---------- C:\Program Files\Common Files\Teleca Shared\Generic.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Documents and Settings\jay yap\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\  Search..

----------------------\\  ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/26/2009|16:06


OTListIt logfile created on: 4/26/2009 4:12:57 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0     Folder = C:\Documents and Settings\jay yap\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 71.09% Memory free
3.30 Gb Paging File | 2.82 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 4.95 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive D: | 109.98 Gb Total Space | 39.95 Gb Free Space | 36.32% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 26.64 Gb Free Space | 68.21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 7.36 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
Drive H: | 72.72 Gb Total Space | 61.02 Gb Free Space | 83.91% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: XP-A95DD1399C01
Current User Name: jay yap
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
PRC - [2007/12/21 10:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/12/21 10:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2007/06/13 19:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2008/02/20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/06/14 16:29:59 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2005/10/26 16:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/06/08 16:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2007/03/12 13:49:26 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/09/03 18:16:53 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jay yap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2005/08/10 07:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/02/24 11:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/09/17 15:10:08 | 00,252,696 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/12/05 09:23:03 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/03/12 13:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/26 16:11:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay yap\Desktop\OTListIt2.exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/06/14 09:37:08 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/21 10:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/20 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/02/20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2004/08/04 14:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2001/08/23 20:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/05 09:23:03 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2007/06/15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2006/10/15 23:40:29 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
 
========== Driver Services (SafeList) ==========
 
DRV - [2007/12/21 11:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2007/09/17 15:09:52 | 00,254,872 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/02/20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008/02/20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008/02/20 11:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2006/10/15 23:38:24 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/03/13 13:05:30 | 00,044,672 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\HECI.sys -- (HECI [On_Demand | Running])
DRV - [2007/09/17 15:10:12 | 05,761,760 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Stopped])
DRV - [2007/07/12 22:35:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/09/20 15:02:57 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iastor76.sys -- (iastor76 [Boot | Running])
DRV - [2007/09/17 15:08:44 | 04,402,176 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/02/09 20:24:22 | 00,091,520 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx [Boot | Running])
DRV - [2007/02/22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007/02/22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007/02/22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007/02/22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2001/08/23 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/04/30 01:52:24 | 00,037,708 | ---- | M] () -- C:\WINDOWS\System32\Drivers\ulink.sys -- (Usblink [On_Demand | Stopped])
DRV - [2006/02/20 17:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810bus.sys -- (w810bus [On_Demand | Stopped])
DRV - [2006/02/20 17:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
DRV - [2006/02/20 17:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
DRV - [2006/02/20 17:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
DRV - [2006/02/20 17:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w810obex.sys -- (w810obex [On_Demand | Stopped])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/06/14 16:30:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/12 20:41:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/24 23:30:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/24 23:30:18 | 00,000,000 | ---D | M]
 
[2008/06/19 14:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jay yap\Application Data\mozilla\Extensions
[2008/06/19 14:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jay yap\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/25 23:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jay yap\Application Data\mozilla\Firefox\Profiles\10rylu9a.default\extensions
[2009/02/20 21:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jay yap\Application Data\mozilla\Firefox\Profiles\10rylu9a.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2008/06/14 15:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jay yap\Application Data\mozilla\Firefox\Profiles\10rylu9a.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/25 23:03:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/24 23:30:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/14 15:17:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/20 19:18:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/12 20:41:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/18 18:10:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 23:30:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 23:30:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/12 19:45:10 | 00,036,864 | ---- | M] (????) -- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
[2009/01/12 19:45:10 | 00,053,248 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2008/05/29 22:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 22:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 22:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 12:19:14 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 22:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 22:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 22:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\xunlei\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\xunlei\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\jay yap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\jay yap\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: 使用迅雷下载 (Download with Xunlei) - E:\xunlei\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 (Download all links with Xunlei) - E:\xunlei\Program\getallurl.htm ()
O9 - Extra Button: 启动迅雷5 (Launch Xunlei 5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\xunlei\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 (Launch Xunlei 5) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\xunlei\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Frontpage\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/13 19:18:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/26 16:09:45 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jay yap\Desktop\OTListIt2.exe
[2009/04/26 16:06:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/26 16:06:01 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\jay yap\Desktop\Rooter.exe
[2009/04/26 02:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jay yap\Desktop\Yuh Ming
[2009/04/26 01:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jay yap\Desktop\Torrent
[2009/04/26 01:38:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\jay yap\Desktop\HijackThis.lnk
[2009/04/26 01:37:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jay yap\Application Data\Yahoo!
[2009/04/26 01:37:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/26 01:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/04/26 01:35:32 | 00,009,917 | ---- | C] () -- C:\Documents and Settings\jay yap\My Documents\Contacts for jay_yap89 (Email Removed).ctt
[2009/04/24 16:32:21 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/24 16:32:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/04/22 22:56:12 | 00,891,392 | ---- | C] () -- C:\Documents and Settings\jay yap\My Documents\finger_footy.pps
[2009/04/21 22:25:31 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\jay yap\My Documents\Resign Letter.doc
[2009/04/17 23:39:11 | 00,010,899 | ---- | C] () -- C:\Documents and Settings\jay yap\My Documents\今天.docx
[2009/04/12 18:43:32 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/04/12 18:43:28 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2009/04/12 18:42:43 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2009/04/12 18:42:41 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2009/04/12 18:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2009/04/12 18:23:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/04/05 17:02:28 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\jay yap\Desktop\Windows Live Messenger .lnk
[2009/04/05 17:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/05 17:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/04/05 17:02:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/05 17:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/04/05 16:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/04 23:13:49 | 00,146,125 | ---- | C] () -- C:\Documents and Settings\jay yap\My Documents\DTCN%20IGB%20Scholarship%202009.pdf
[2009/04/04 22:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jay yap\Local Settings\Application Data\Microsoft Help
[2009/04/04 13:30:54 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2009/04/04 13:30:54 | 00,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2009/04/04 13:30:48 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2009/04/04 13:30:47 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009/03/22 20:08:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/17 21:31:03 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/02/17 21:31:03 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/05 08:41:43 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/19 21:02:32 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/11/06 17:07:10 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\SUPPORT.INI
[2008/10/03 17:09:36 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/10/03 17:09:34 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/10/03 17:09:26 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008/08/29 10:30:10 | 00,000,106 | ---- | C] () -- C:\WINDOWS\CardGame1001.ini
[2008/08/29 10:11:34 | 00,000,411 | ---- | C] () -- C:\WINDOWS\CLASSICZAP.INI
[2008/07/24 21:04:35 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/24 21:04:30 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/24 21:04:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/24 21:04:29 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/24 21:04:24 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/24 21:04:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/23 22:57:46 | 00,037,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2008/06/25 17:42:30 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/23 20:13:40 | 00,000,203 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/15 10:37:14 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/14 23:42:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\WatsonsBlockGame.ini
[2008/06/14 18:49:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/06/14 13:32:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/14 09:13:55 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008/06/13 19:15:45 | 00,000,147 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008/02/20 11:11:16 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/08/23 20:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 20:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
 
========== Files - Modified Within 30 Days ==========
 
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/26 16:11:39 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay yap\Desktop\OTListIt2.exe
[2009/04/26 16:06:21 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\jay yap\Desktop\Rooter.exe
[2009/04/26 15:18:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 15:18:39 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/04/26 15:18:30 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/26 15:18:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 15:18:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 01:38:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\jay yap\Desktop\HijackThis.lnk
[2009/04/26 01:37:36 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\jay yap\Desktop\CCleaner.lnk
[2009/04/26 01:35:32 | 00,009,917 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\Contacts for jay_yap89 (Email Removed).ctt
[2009/04/25 22:40:05 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1993962763-725345543-1003.job
[2009/04/25 22:29:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/04/25 22:19:28 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\jay yap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 22:12:01 | 00,045,220 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2009/04/25 18:49:35 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/25 18:49:20 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\xlhcc.dat
[2009/04/22 22:56:25 | 00,891,392 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\finger_footy.pps
[2009/04/22 22:21:41 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\Resign Letter.doc
[2009/04/18 18:33:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2009/04/17 23:39:11 | 00,010,899 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\今天.docx
[2009/04/17 13:05:23 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 13:05:23 | 00,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 13:05:23 | 00,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 21:31:59 | 00,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/15 21:31:52 | 00,183,112 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/12 18:43:32 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/04/11 00:04:36 | 02,108,346 | -H-- | M] () -- C:\Documents and Settings\jay yap\Local Settings\Application Data\IconCache.db
[2009/04/06 22:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 17:02:52 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\My Sharing Folders.lnk
[2009/04/05 17:02:28 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\jay yap\Desktop\Windows Live Messenger .lnk
[2009/04/05 09:01:09 | 00,076,592 | ---- | M] () -- C:\Documents and Settings\jay yap\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/05 09:00:59 | 00,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/04 23:13:49 | 00,146,125 | ---- | M] () -- C:\Documents and Settings\jay yap\My Documents\DTCN%20IGB%20Scholarship%202009.pdf
[2009/04/04 22:48:12 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 13:30:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/04 13:30:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/04 13:30:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/04 13:30:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
< End of report >


OTListIt Extras logfile created on: 4/26/2009 4:12:57 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0     Folder = C:\Documents and Settings\jay yap\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 71.09% Memory free
3.30 Gb Paging File | 2.82 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 4.95 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive D: | 109.98 Gb Total Space | 39.95 Gb Free Space | 36.32% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 26.64 Gb Free Space | 68.21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 7.36 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
Drive H: | 72.72 Gb Total Space | 61.02 Gb Free Space | 83.91% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: XP-A95DD1399C01
Current User Name: jay yap
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"25298:TCP" = 25298:TCP:*:Enabled:BitComet 25298 TCP
"25298:UDP" = 25298:UDP:*:Enabled:BitComet 25298 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 20:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 20:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/06/03 11:42:44 | 02,596,152 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/07/22 12:34:50 | 02,772,992 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
[2008/11/07 23:30:40 | 05,488,640 | ---- | M] (Activision Blizzard, Inc.) -- D:\COD WAW\CoDWaW.exe:*:Enabled:Call of Duty® - World at War(tm)
[2008/11/09 23:47:14 | 05,444,880 | ---- | M] (Activision Blizzard, Inc.) -- D:\COD WAW\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War(tm)
[2006/10/15 17:41:14 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/01/12 19:45:56 | 02,381,264 | ---- | M] (Thunder Networking Technologies,LTD) -- E:\xunlei\Program\Thunder5.exe:*:Enabled:Thunder
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{072A1145-79D5-4BEB-4D8A-59CCB7CB31AE}" = Catalyst Control Center Graphics Full Existing
"{097CF8DE-C007-F3C5-2A80-C1AD2A9D7EFB}" = Catalyst Control Center Graphics Previews Common
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E5E5B46-61B6-3FF3-5C7C-87F1AC00568E}" = CCC Help Czech
"{0F200FB1-B904-1820-0EEA-15C458B575B3}" = CCC Help Portuguese
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{137FAA2D-7C3F-4BA9-9367-F2E01EDA5BA0}" = Caplio Software
"{145C6099-E682-AFBB-4E4C-2FE72333E2FB}" = CCC Help Hungarian
"{15A0B9F3-DCE9-42D8-0F81-A03C0BF9BB3B}" = CCC Help Norwegian
"{19A84EB1-D85B-BB4F-0030-B7E2BC1ACB6F}" = Catalyst C
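
The firewall-policy section of the log above is worth reading rule by rule, because each entry encodes who can reach the exception. In the Windows XP SP2 export format shown there, a port rule reads `port:protocol:scope:state:name` and an application rule reads `path:scope:state:name`; a scope of `LocalSubNet` limits the exception to the local subnet, while `*` means any remote address. The helper below is an added example, not part of the log tool or of the original post: it parses lines copied from the posted log and flags the two things a responder would check first, rules open to any address and "File not found" rules left behind by programs that no longer exist. It does not find anything that would explain a mailbox vacation-reply change, which is a setting stored on the mail server, not on this PC.

```python
"""
Parse Windows XP SP2 firewall policy entries in the format printed in the log
above and flag the ones worth a closer look. Added example; not code from the
original post or from the logging tool. Sample lines are copied from the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the GloballyOpenPorts and AuthorizedApplications
# entries exactly as they appear in the posted log.
SAMPLE_LOG = r'''
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"25298:TCP" = 25298:TCP:*:Enabled:BitComet 25298 TCP
"25298:UDP" = 25298:UDP:*:Enabled:BitComet 25298 UDP
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
[2006/10/10 20:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/06/03 11:42:44 | 02,596,152 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/07/22 12:34:50 | 02,772,992 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
'''


@dataclass
class FirewallRule:
    kind: str                    # "port" or "app"
    target: str                  # "25298:TCP" or the program path
    scope: str                   # "*" = any remote address, "LocalSubNet", or an address list
    enabled: bool
    name: str                    # free text; "@xpsp2res.dll,-NNNN" is a built-in Windows name
    file_present: Optional[bool] = None  # only meaningful for "app" rules


PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*(.+)$')
APP_RE = re.compile(r'^(?P<prefix>.*?) -- (?P<rest>.+)$')


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one log line into a FirewallRule, or None if it is not a rule line."""
    line = line.strip()
    m = PORT_RE.match(line)
    if m:
        # value is port:proto:scope:state:name; the name is free text, so split at most 4 times
        parts = m.group(3).split(":", 4)
        if len(parts) != 5:
            return None
        port, proto, scope, state, name = parts
        return FirewallRule("port", f"{port}:{proto}", scope, state == "Enabled", name)
    m = APP_RE.match(line)
    if m:
        # rest is path:scope:state:name; the path contains "C:" itself, so split from the right
        parts = m.group("rest").rsplit(":", 3)
        if len(parts) != 4:
            return None
        path, scope, state, name = parts
        present = not m.group("prefix").startswith("File not found")
        return FirewallRule("app", path, scope, state == "Enabled", name, present)
    return None


def parse_log(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(ln) for ln in text.splitlines()) if r is not None]


def review(rules: List[FirewallRule]) -> List[Tuple[str, str]]:
    """Return (target, reason) pairs for rules a responder should look at."""
    findings = []
    for r in rules:
        if not r.enabled:
            continue  # a Disabled exception opens nothing
        if r.kind == "app" and r.file_present is False:
            findings.append((r.target, "stale: exception for a program that no longer exists"))
        if r.scope == "*":
            findings.append((r.target, f"open to any remote address ({r.name})"))
    return findings


if __name__ == "__main__":
    for target, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{target}: {reason}")
```

Run against the sample, the BitComet port pair, the DHCP rule, xpnetdiag and BitComet.exe are reported as reachable from any address, and the missing livecall.exe entry is reported as stale; the LocalSubNet rules and the disabled EA Download Manager entry are not reported. The same parser can be pointed at the full policy sections of a log like this one.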

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Email automated vacation replies
« Reply #5 on: April 26, 2009, 09:41:10 AM »
I don't see much wrong, but let's do the following:

Download ATF Cleaner by Atribune and save it to your Desktop.

Double-click ATF-Cleaner.exe to run it.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use the Firefox browser:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Download Malwarebytes' Anti-Malware from Here or Here.
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
       
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
       
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Also post a fresh HijackThis log.
