DDS LOG:
DDS (Ver_09-03-16.01) - NTFSx86
Run by IT-CORP at 16:35:45.32 on 09/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1270.681 [GMT 8:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\IT-CORP\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com.sg/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/techsupp/servle ... d=Symantec
uInternet Settings,ProxyServer = proxy.tp.edu.sg:80
uInternet Settings,ProxyOverride = *.tp.edu.sg;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - tphklock.dll
LSA: Notification Packages = scecli pwdmon ACGina
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\it-corp\applic~1\mozilla\firefox\profiles\ghohpro5.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
============= SERVICES / DRIVERS ===============
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2007-5-24 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2007-5-24 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-5-24 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-11 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-11 108552]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-5-24 6016]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2007-5-24 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-5-24 4442]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 298776]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-5-24 138720]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-5-24 26624]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2007-5-24 6016]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\drivers\icd2w2k.sys [2004-3-22 12427]
S2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\drivers\icd2w2kl.sys [2004-3-22 16556]
S3 CD-Lock;CD-Lock;\??\e:\cdm.sys --> e:\cdm.sys [?]
S3 W2usbpad;W2usbpad;c:\windows\system32\drivers\w2usbpad.sys [2007-5-31 24576]
S3 Wtcls2k;Wtcls2k;c:\windows\system32\drivers\wtcls2k.sys [2007-5-31 12800]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [2007-5-24 77824]
=============== Created Last 30 ================
2009-05-08 23:07 <DIR> --d----- c:\program files\Total War
2009-05-08 23:07 0 a------- c:\windows\_INS33IS._MP
2009-05-08 23:07 268 a------- c:\windows\_delis32.ini
2009-05-07 09:16 <DIR> --d----- c:\docume~1\it-corp\applic~1\TVU networks
2009-05-06 11:39 <DIR> --d----- c:\program files\ChartNexus
2009-05-05 18:33 <DIR> --d----- c:\docume~1\it-corp\applic~1\Malwarebytes
2009-05-05 18:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-05 18:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 18:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-05 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 13:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-05 12:43 <DIR> --d----- c:\program files\Trend Micro
2009-05-05 12:16 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-11 10:43 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-11 10:43 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-11 10:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-11 10:42 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-11 10:42 <DIR> --d----- c:\program files\AVG
2009-04-11 10:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-10 16:26 <DIR> --d----- c:\docume~1\it-corp\applic~1\Samsung
2009-04-10 16:25 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
==================== Find3M ====================
2009-03-21 22:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 22:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 22:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 07:27 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-21 05:44 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2009-02-19 17:50 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-02-10 18:31 453,120 a------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 18:20 1,847,424 a------- c:\windows\system32\win32k.sys
2009-02-09 18:20 1,847,424 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 18:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 18:01 728,576 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 18:01 617,984 a------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 18:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 18:01 473,088 a------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 18:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 18:01 401,408 a------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 18:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-09 18:01 715,264 a------- c:\windows\system32\dllcache\ntdll.dll
2008-06-21 22:03 5,939 a------- c:\program files\install.log
2007-09-27 14:53 25,120 a------- c:\docume~1\it-corp\applic~1\GDIPFONTCACHEV1.DAT
============= FINISH: 16:36:29.53 ===============
Attach Log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/05/2007 6:31:43 AM
System Uptime: 05/09/2009 4:14:53 PM (-2856 hours ago)
Motherboard: IBM | | 1872CA4
Processor: Intel(R) Pentium(R) M processor 1.86GHz | None | 1862/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 52 GiB total, 10.134 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP96: 05/05/2009 8:14:05 PM - System Checkpoint
RP97: 05/05/2009 11:24:04 PM - Installed Windows XP WgaNotify.
RP98: 06/05/2009 6:01:55 PM - Software Distribution Service 3.0
RP99: 07/05/2009 10:04:11 PM - System Checkpoint
RP100: 08/05/2009 10:29:29 PM - System Checkpoint
==== Installed Programs ======================
Access IBM
Access IBM Message Center
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player
AGEIA PhysX v7.11.13
AnVir Task Manager Free
Apple Software Update
AVG 8.5
BlueSoleil
BroadBand on Mobile
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP1300
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ChartNexus 2.4.1
Choice Guard
CIC Sign-it EX for Acrobat
Compatibility Pack for the 2007 Office system
Easy-WebPrint
EMAS
ePad USB Driver
Eusing Free Registry Cleaner
FlashGet 1.9.0.1012
Garena
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HouseCall 6.6
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM Rescue and Recovery with Rapid Restore
IBM SATA Power Management Driver
IBM Themes
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Power Manager
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
Intel(R) Graphics Media Accelerator Driver
Intel(R) Sebring API
InterVideo WinDVD
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
K-Lite Codec Pack 4.5.3 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Office XP Professional with FrontPage
Microsoft Robotics Developer Studio 2008
Microsoft Robotics Studio (1.5)
Microsoft Robotics Studio Help
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft XNA Framework
Microsoft XNA Framework Redistributable 1.0 Refresh
Microsoft XNA Framework Redistributable 2.0
MilkShape 3D 1.8.2
Mozilla Firefox (3.0.10)
MPLAB C18 v3.12 Student Edition
MSDN Library for Visual Studio 2005
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Paint.NET v3.36
PC-Doctor for Windows
PGP 8.0
PowerISO
QuickTime
Realterm 2.0.0.43
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Segoe UI
ShellExView
Shogun Total War
Skype™ 3.8
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
ThinkVantage Access Connections
TVUPlayer 2.4.3.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Wallpapers
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
08/05/2009 7:07:30 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
05/05/2009 3:10:29 AM, error: Service Control Manager [7000] - The Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
05/05/2009 3:10:29 AM, error: Service Control Manager [7000] - The Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
03/05/2009 2:42:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
==== End Of File ===========================
Gmer Log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-09 18:12:34
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT spqz.sys ZwCreateKey [0xB9EA80E0]
SSDT spqz.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spqz.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spqz.sys ZwOpenKey [0xB9EA80C0]
SSDT spqz.sys ZwQueryKey [0xB9EC7108]
SSDT spqz.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spqz.sys ZwSetValueKey [0xB9EC719A]
INT 0x62 ? 8A1C8BF8
INT 0x63 ? 8A050F00
INT 0x82 ? 8A1C8BF8
INT 0x94 ? 8A050F00
INT 0xA4 ? 8A050F00
INT 0xB4 ? 8A050F00
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A1C71F8
AttachedDevice \FileSystem\Ntfs \Ntfs PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{2D5A6FD3-050B-4F79-B2BD-A391DA2284E6} 894B41F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 PGPsdk.sys (PGP Software Development Kit NT Driver/PGP Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8A0161F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A15B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A15B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A15B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A15B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A0161F8
Device \Driver\usbuhci \Device\USBPDO-2 8A0161F8
Device \Driver\usbuhci \Device\USBPDO-3 8A0161F8
Device \Driver\usbehci \Device\USBPDO-4 89FEE1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A1C91F8
Device \Driver\Cdrom \Device\CdRom0 89FAA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A1C91F8
Device \Driver\Cdrom \Device\CdRom1 89FAA1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A1C81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A1C81F8
Device \Driver\atapi \Device\Ide\IdePort1 8A1C81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A1C81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E161A8D5-84A9-4FA1-85A0-EE313E7D74C6} 894B41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 894B41F8
Device \Driver\PCI_PNP6004 \Device\00000077 spqz.sys
Device \Driver\NetBT \Device\NetbiosSmb 894B41F8
Device \Driver\sptd \Device\1028148504 spqz.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A0161F8
Device \Driver\usbuhci \Device\USBFDO-1 8A0161F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8947F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A0161F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8947F1F8
Device \Driver\usbuhci \Device\USBFDO-3 8A0161F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FE70D9FF-311E-4845-814C-2796AA89BB37} 894B41F8
Device \Driver\usbehci \Device\USBFDO-4 89FEE1F8
Device \Driver\Ftdisk \Device\FtControl 8A1C91F8
Device \Driver\a8rxqlfg \Device\Scsi\a8rxqlfg1 89FA51F8
Device \Driver\a8rxqlfg \Device\Scsi\a8rxqlfg1Port2Path0Target0Lun0 89FA51F8
Device \FileSystem\Fastfat \Fat 8945A1F8
Device \FileSystem\Fastfat \Fat A76271F9
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8945D1F8
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) BA378000-BA37F880 (30848 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x38 0x46 0xF5 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x41 0xE9 0x14 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0x46 0xC2 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x38 0x46 0xF5 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x41 0xE9 0x14 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0x46 0xC2 0xE9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage@HandWritingFiles 984158875
---- Files - GMER 1.0.15 ----
File C:\RRUbackups\Documents and Settings 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect\S-1-5-21-85064697-1809139202-649963619-1005 0 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect\S-1-5-21-85064697-1809139202-649963619-1005\1d8c3369-2b90-4d15-bcf4-0b071f6847d4 388 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect\S-1-5-21-85064697-1809139202-649963619-1005\61d4ffae-231b-493b-af08-9104c06756a6 388 bytes
File C:\RRUbackups\Documents and Settings\IT-CORP\Application Data\Microsoft\Protect\S-1-5-21-85064697-1809139202-649963619-1005\Preferred 24 bytes
File C:\RRUbackups\hints.dat 8192 bytes
File C:\RRUbackups\pu.dat 224 bytes
File C:\RRUbackups\SAM 262144 bytes
File C:\RRUbackups\system 7077888 bytes
File C:\RRUbackups\system.dat 12288 bytes
---- EOF - GMER 1.0.15 ----