Solved Computer runs very slow

Discussion in 'Malware and Virus Removal Archive' started by natalia, 2010/11/07.

  1. 2010/11/07
    natalia

    natalia Inactive Thread Starter

    Joined:
    2010/11/07
    Messages:
    34
    Likes Received:
    0
    [Resolved] Computer runs very slow

    I am new here, sorry for my grammar mistakes~

    Before I use my teacher's laptop, it takes a faster time..
    Later on, it is getting very slow when I am using the internet or opening a file to download a few files and so on. I wonder if this computer can go any faster than I imagine.. When I bought this computer it was very fast and recently now it is getting slow..
    Can you help me to identify whether the system contains viruses or trojans?
    Thank you very much :)

    System Specs:
    NEC Computers Asia Pacific
    VERSA series computer
    AMD Turion(TM) 64 Mobile Technology ML-32
    792 MHz, 448 MB of RAM
    Windows XP Service Pack 3
     
  2. 2010/11/07
    natalia

    natalia Inactive Thread Starter

    DDS (Ver_10-11-08.01) - NTFSx86
    Run by User at 11:42:18.81 on Mon 11/08/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.175 [GMT 8:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\CNAB4RPK.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8V9UABSR\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230533671968
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ro3ek77w.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    ============= SERVICES / DRIVERS ===============

    R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-9-15 97608]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-15 11608]
    R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [1980-1-1 14208]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [1980-1-1 5376]
    R2 AntiVirFirewallService;Avira Firewall;c:\program files\avira\antivir desktop\avfwsvc.exe [2009-9-15 388865]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-9-15 194817]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-15 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-15 185089]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-9-15 434945]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-15 55656]
    R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-9-15 69632]
    R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [1980-1-1 9088]

    =============== Created Last 30 ================

    2010-11-08 03:13:42 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d372d5ca-8de3-46f8-9e1d-7d4387dfbada}\mpengine.dll
    2010-11-01 23:35:15 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-01 23:35:15 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-01 23:35:14 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-01 23:34:47 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 11:43:52.12 ===============
     

  4. 2010/11/07
    natalia

    natalia Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-08.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2008 2:48:08 PM
    System Uptime: 11/8/2010 11:00:12 AM (0 hours ago)

    Motherboard: NEC | |
    Processor: AMD Turion(tm) 64 mobile Technology ML-32 | Laptop Computer CPU | 792/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 20 GiB total, 8.63 GiB free.
    D: is FIXED (FAT32) - 13 GiB total, 11.682 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Reader 7.0
    Avira Premium Security Suite
    Canon LBP2900
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Isis 3.00 (With House System)
    Java 2 Runtime Environment, SE v1.4.2_05
    Markah Kerja Kursus PMR
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Security Essentials
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    Percubaan-Pmr
    Samsung ML-2010 Series
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Semak SMM Ver 4.0 1.0
    Sistem Maklumat Murid
    SMM 4.02
    Sonic RecordNow!
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3

    ==== End Of File ===========================
     
  5. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, read this post, then post ALL requested log(s).

    You're running two AV programs, Avira and Microsoft Security Essentials.
    One of them has to go. Your choice.
     
  6. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    mbam log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5076

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/9/2010 8:02:06 AM
    mbam-log-2010-11-09 (08-02-06).txt

    Scan type: Quick scan
    Objects scanned: 147664
    Time elapsed: 13 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2010/11/08
    broni

    broni Moderator Malware Analyst

    I still need a couple more logs.
     
  8. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    When I attempt to run GMER, it has scanned some files and hung there. I have to do a force-restart after that. Can I skip GMER and post MBR check??
     
  9. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 170):

    Processes (total 34):
    0 System Idle Process
    4 System
    1056 C:\WINDOWS\system32\smss.exe
    1112 csrss.exe
    1140 C:\WINDOWS\system32\winlogon.exe
    1184 C:\WINDOWS\system32\services.exe
    1196 C:\WINDOWS\system32\lsass.exe
    1372 C:\WINDOWS\system32\svchost.exe
    1440 svchost.exe
    1484 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1536 C:\WINDOWS\system32\svchost.exe
    1692 svchost.exe
    1760 svchost.exe
    228 C:\WINDOWS\explorer.exe
    416 C:\WINDOWS\system32\spoolsv.exe
    496 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1856 svchost.exe
    544 C:\Program Files\Microsoft Security Essentials\msseces.exe
    628 avfwsvc.exe
    648 C:\WINDOWS\system32\ctfmon.exe
    676 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    712 C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    736 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    764 C:\APPS\HIDSERVICE\HidService.exe
    816 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    852 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    1496 wdfmgr.exe
    1656 C:\APPS\Powercinema\Kernel\TV\CLSched.exe
    1040 C:\WINDOWS\system32\CNAB4RPK.EXE
    1048 C:\WINDOWS\system32\wuauclt.exe
    2264 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    2276 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    3144 alg.exe
    360 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`00689600 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`007d7c00 (FAT32)

    PhysicalDrive0 Model Number: HTS424040M9AT00, Rev: MA2OA71A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Done!
     
  10. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Copy the entire content of the report and paste it in a reply here.

    Note: You may get this warning. It is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
     
  11. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    I've run Rootkit Unhooker, but nothing was detected :(
     
  12. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Why sad face? You should be happy :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    ComboFix 10-11-07.A2 - User 11/09/2010 11:42:23.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.128 [GMT 8:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\RkUnhooker\Uninstall.exe
    C:\khq
    D:\khq

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
    .

    2010-11-09 03:08 . 2010-11-09 03:46 -------- d-----w- c:\documents and settings\RkUnhooker
    2010-11-09 03:06 . 2010-11-09 03:11 -------- d-----w- C:\RkUnhooker
    2010-11-08 23:45 . 2010-11-08 23:45 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-11-08 23:45 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-08 23:45 . 2010-11-08 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-08 23:45 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-08 23:45 . 2010-11-08 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-08 03:13 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D372D5CA-8DE3-46F8-9E1D-7D4387DFBADA}\mpengine.dll
    2010-11-01 23:35 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-01 23:35 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-01 23:35 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-01 23:34 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2010-06-03 23:58 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-07 23:21 . 2010-08-03 02:43 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-09-18 06:53 . 2005-04-01 01:39 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-04-01 01:39 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-04-01 01:39 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-18 04:23 . 2005-04-01 01:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-10 05:58 . 2005-04-01 01:40 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2005-04-01 01:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2005-04-01 01:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2005-04-01 01:39 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-04-01 01:40 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-04-01 01:40 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-04-01 01:40 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-04-01 01:40 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-11-05 05:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-04-01 01:39 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-04-01 01:40 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-04-01 01:40 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-14 1094224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-07-22 05:38 88361 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2005-01-28 03:41 135168 ----a-w- c:\program files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 21:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-09-14 20:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NECMFK]
    2005-06-21 12:56 72192 ----a-w- c:\program files\NECMFK\necmfk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-05-11 05:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
    2005-07-03 07:20 372736 ------w- c:\windows\Samsung\ComSMMgr\SSMMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    2005-08-25 11:02 32768 ----a-w- c:\windows\system32\Keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    2005-09-13 01:51 49152 ----a-w- c:\windows\system32\SiSPower.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2004-08-06 00:27 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 01:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2004-06-03 14:05 32881 ----a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2006-01-12 00:49 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\APPS\\Powercinema\\PowerCinema.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\CNAB4RPK.EXE "=

    R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [1/1/1980 14208]
    R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [1/1/1980 5376]
    R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [1/1/1980 9088]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - RKHDRV40
    *Deregistered* - rkhdrv40
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 13:40]

    2010-11-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ro3ek77w.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    AddRemove-RKU - c:\documents and settings\RkUnhooker\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-09 11:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-09 11:50:36
    ComboFix-quarantined-files.txt 2010-11-09 03:50

    Pre-Run: 9,349,713,920 bytes free
    Post-Run: 9,371,262,976 bytes free

    - - End Of File - - 6908EE967C94327044C0922F3A85DAE4
     
  14. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :file
      c:\windows\system32\drivers\Ps2Led.sys
      c:\windows\system32\drivers\Ps2LedIF.sys
      c:\windows\system32\drivers\mfkgtkey.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    SystemLook 04.09.10 by jpshortstuff
    Log created at 12:25 on 09/11/2010 by User
    Administrator - Elevation successful

    ========== file ==========

    c:\windows\system32\drivers\Ps2Led.sys - File found and opened.
    MD5: 0B9A015157B612FCC07579D1E7B50433
    Created at 16:00 on 31/12/1979
    Modified at 06:18 on 25/04/2005
    Size: 9088 bytes
    Attributes: --a----
    FileDescription: NEC MultiFunction Keyboard Filter Driver
    FileVersion: 5.1.2600.1106 built by: WinDDK
    ProductVersion: 5.1.2600.1106
    OriginalFilename: Ps2Led.sys
    InternalName: Ps2Led.sys
    ProductName: NEC MFK Driver
    CompanyName: NEC Corporation
    LegalCopyright: (C)2000-2002 NEC Corporation

    c:\windows\system32\drivers\Ps2LedIF.sys - File found and opened.
    MD5: 46717C665F6C9034563A8D20BB40D878
    Created at 16:00 on 31/12/1979
    Modified at 11:29 on 05/10/2004
    Size: 5376 bytes
    Attributes: --a----
    FileDescription: NEC MultiFunction Keyboard LED IF Driver
    FileVersion: 5.1.2600.1106 built by: WinDDK
    ProductVersion: 5.1.2600.1106
    OriginalFilename: Ps2LedIF.sys
    InternalName: Ps2LedIF.sys
    ProductName: NEC MFK Driver
    CompanyName: NEC Corporation
    LegalCopyright: (C)2000-2002 NEC Corporation

    c:\windows\system32\drivers\mfkgtkey.sys - File found and opened.
    MD5: 031DFCF2A888A9560ACE0CE2C3D843CC
    Created at 16:00 on 31/12/1979
    Modified at 13:05 on 10/05/2005
    Size: 14208 bytes
    Attributes: --a----
    FileDescription: Get Key Program for NEC MultiFunction Keyboard
    FileVersion: 10.0.2.0
    ProductVersion: 10.0.2.0
    OriginalFilename: MFKGTKEY.SYS
    InternalName: MFKGTKEY.SYS
    ProductName: NEC MFKB Library
    CompanyName: (C)NEC Corporation, NEC Personal Products, Ltd. 2002-2005
    LegalCopyright: (C)NEC Corporation, NEC Personal Products, Ltd.
    Comments:

    -= EOF =-
     
  16. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Thank you :)
    Combofix log looks good then :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    OTL logfile created on: 11/9/2010 12:49:32 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 16.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 20.00 Gb Total Space | 8.74 Gb Free Space | 43.70% Space Free | Partition Type: NTFS
    Drive D: | 13.23 Gb Total Space | 11.68 Gb Free Space | 88.29% Space Free | Partition Type: FAT32

    Computer Name: SNNCI7079535 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/09 12:48:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/11 20:26:56 | 000,063,112 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
    PRC - [2005/05/11 13:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    PRC - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    PRC - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    PRC - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/09 12:48:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2005/01/07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Stopped] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
    SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2006/06/12 18:36:30 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/09/13 09:51:40 | 000,261,632 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2005/09/13 09:51:40 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2005/05/10 21:05:26 | 000,014,208 | ---- | M] ((C)NEC Corporation, NEC Personal Products, Ltd. 2002-2005) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfkgtkey.sys -- (MFKGTKEY)
    DRV - [2005/05/01 01:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/04/25 14:18:48 | 000,009,088 | ---- | M] (NEC Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ps2Led.sys -- (Ps2Led)
    DRV - [2005/03/14 13:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2005/01/20 22:25:16 | 000,108,887 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/11/05 16:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2004/10/05 19:29:46 | 000,005,376 | ---- | M] (NEC Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ps2ledif.sys -- (Ps2LedIF)
    DRV - [2004/09/14 21:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/27 13:29:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/04 07:44:04 | 000,000,000 | ---D | M]

    [2009/11/17 09:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2009/11/17 09:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ro3ek77w.default\extensions
    [2009/11/17 09:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/09 11:47:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1230533671968 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.251.3.2 10.253.0.13
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\NEC.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/09 12:48:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/11/09 12:24:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/09 11:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/09 11:39:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/09 11:39:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/09 11:39:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/09 11:39:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/09 11:39:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/09 11:37:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/09 11:06:58 | 000,000,000 | ---D | C] -- C:\RkUnhooker
    [2010/11/09 07:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
    [2010/11/09 07:45:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 07:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 07:45:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 07:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 07:43:47 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\mbam-setup.exe
    [2010/11/02 12:16:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/10/30 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\LPU & LKC
    [1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/09 12:48:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/11/09 12:23:33 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
    [2010/11/09 11:47:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/09 11:33:43 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2010/11/09 11:06:22 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SoftSea_download.html
    [2010/11/09 11:06:18 | 000,169,655 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RkU3.7.300.505.exe
    [2010/11/09 10:43:32 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/09 10:37:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 10:37:17 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/11/09 10:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/09 10:36:39 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/09 07:52:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe
    [2010/11/09 07:48:28 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\User\Desktop\esdssfs3.exe
    [2010/11/09 07:45:26 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 07:44:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\mbam-setup.exe
    [2010/11/08 11:15:42 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Desktop\PEPERIKSAAN PMR 2010 LPU.doc
    [2010/11/08 11:12:07 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Peperiksaan PMR 2010 LPC.doc
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/03 07:21:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel LPU 2010.xls
    [2010/11/02 12:48:31 | 000,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/02 12:38:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/02 12:35:49 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/11/02 12:03:11 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NEW TUNTUTAN PERJALANAN TEMPLATE 2010 (NOV).xls
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/09 12:23:27 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
    [2010/11/09 11:39:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/09 11:39:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/09 11:39:30 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/09 11:39:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/09 11:39:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/09 11:32:17 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2010/11/09 07:52:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe
    [2010/11/09 07:48:25 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\User\Desktop\esdssfs3.exe
    [2010/11/09 07:45:26 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/02 12:01:35 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NEW TUNTUTAN PERJALANAN TEMPLATE 2010 (NOV).xls
    [2010/10/31 16:46:19 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Excel LPU 2010.xls
    [2010/10/31 16:45:46 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Peperiksaan PMR 2010 LPC.doc
    [2010/10/30 20:01:40 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\User\Desktop\PEPERIKSAAN PMR 2010 LPU.doc
    [2010/04/28 11:26:56 | 000,000,166 | ---- | C] () -- C:\WINDOWS\TryPMRUbk.ini
    [2010/03/17 11:12:06 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/03/17 11:12:01 | 000,000,318 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/03/17 11:11:35 | 000,001,084 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2010/03/17 11:11:07 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
    [2010/02/15 21:42:04 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2006/01/12 09:02:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/12 08:51:12 | 000,000,968 | ---- | C] () -- C:\WINDOWS\necmfk.ini
    [2006/01/12 08:51:12 | 000,000,582 | ---- | C] () -- C:\WINDOWS\wmfkbpok.ini
    [2006/01/12 08:46:29 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2006/01/12 08:37:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/12 08:23:18 | 000,076,101 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2006/01/12 08:23:09 | 000,073,915 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2005/04/09 13:52:08 | 000,005,068 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/01 10:07:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/04/01 09:50:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/12/23 12:06:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/09/22 14:03:54 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL

    ========== LOP Check ==========

    [2009/04/14 17:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
    [2010/11/09 10:43:32 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/11/09 10:37:17 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/01/12 08:38:58 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK
    [2010/10/02 08:11:15 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2004/08/04 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/09 11:50:37 | 000,009,050 | ---- | M] () -- C:\ComboFix.txt
    [2010/11/09 10:36:39 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
    [2006/01/12 08:45:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/12 08:45:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/12/29 15:08:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/09 10:36:33 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/04/01 09:57:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/04/25 06:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/04/01 09:48:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/04/01 09:48:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/04/01 09:48:42 | 000,843,776 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/12/29 15:14:41 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/12/29 15:29:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/04/01 10:05:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/09 11:33:43 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2010/11/09 07:48:28 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\User\Desktop\esdssfs3.exe
    [2007/08/27 19:46:14 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\User\Desktop\JjJBprGtulb75.exe
    [2010/11/09 07:52:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe
    [2010/05/06 13:56:06 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\mssefullinstall-x86fre-en-us-xp.exe
    [2010/11/09 12:48:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/11/09 11:06:18 | 000,169,655 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RkU3.7.300.505.exe
    [2010/05/17 07:18:52 | 002,615,237 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sap123_050310.exe
    [2010/05/17 07:18:30 | 002,532,469 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sap45_050310.exe
    [2010/11/09 12:23:33 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/11/09 07:44:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\mbam-setup.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/12/29 15:29:22 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\User\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/09 11:50:41 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\User\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 01:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 22:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  18. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    Joined:
    2010/11/07
    Messages:
    34
    Likes Received:
    0
    OTL Extras logfile created on: 11/9/2010 12:49:32 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 16.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 20.00 Gb Total Space | 8.74 Gb Free Space | 43.70% Space Free | Partition Type: NTFS
    Drive D: | 13.23 Gb Total Space | 11.68 Gb Free Space | 88.29% Space Free | Partition Type: FAT32

    Computer Name: SNNCI7079535 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\APPS\Powercinema\PowerCinema.exe" = C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:powerCinema -- (CyberLink Corp.)
    "C:\WINDOWS\system32\CNAB4RPK.EXE" = C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process -- (CANON INC.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A550A0E2-5EDC-4DB3-837E-D1423C57A473}" = Markah Kerja Kursus PMR
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EC0A62C4-732F-4950-AF2C-3570AD232B47}" = Percubaan-Pmr
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "Canon LBP2900" = Canon LBP2900
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Isis_is1" = Isis 3.00 (With House System)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Samsung ML-2010 Series" = Samsung ML-2010 Series
    "Semak SMM Ver 4.0" = Semak SMM Ver 4.0 1.0
    "Sistem Maklumat Murid4.0" = Sistem Maklumat Murid
    "SMM" = SMM 4.02
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/1/2010 8:27:14 PM | Computer Name = SNNCI7079535 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 10/30/2010 6:41:31 AM | Computer Name = SNNCI7079535 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 10/30/2010 6:41:35 AM | Computer Name = SNNCI7079535 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 11/2/2010 12:35:14 AM | Computer Name = SNNCI7079535 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 11/2/2010 12:55:31 AM | Computer Name = SNNCI7079535 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 11/8/2010 12:04:37 AM | Computer Name = SNNCI7079535 | Source = Avira AntiVir | ID = 4118
    Description =

    Error - 11/8/2010 12:04:41 AM | Computer Name = SNNCI7079535 | Source = Avira AntiVir | ID = 4118
    Description =

    Error - 11/8/2010 12:14:27 AM | Computer Name = SNNCI7079535 | Source = Avira AntiVir | ID = 4118
    Description =

    Error - 11/8/2010 7:35:38 PM | Computer Name = SNNCI7079535 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/8/2010 7:35:39 PM | Computer Name = SNNCI7079535 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 11/8/2010 9:17:58 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 9:17:58 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 11/8/2010 10:33:35 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 10:33:37 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 10:33:38 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 10:33:40 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 10:33:43 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/8/2010 10:33:43 PM | Computer Name = SNNCI7079535 | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 11/8/2010 11:11:40 PM | Computer Name = SNNCI7079535 | Source = Service Control Manager | ID = 7034
    Description = The 1F6DB884 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 11/8/2010 11:42:14 PM | Computer Name = SNNCI7079535 | Source = Service Control Manager | ID = 7034
    Description = The Generic Service for HID Keyboard Input Collections service terminated
    unexpectedly. It has done this 1 time(s).


    < End of report >
     
  19. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  20. 2010/11/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer could use another 512MB of RAM for better performance.

    ===============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
       "EnableFirewall" =dword:00000001
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  21. 2010/11/08
    natalia

    natalia Inactive Thread Starter

    Joined:
    2010/11/07
    Messages:
    34
    Likes Received:
    0
    Sorry I am just as blur as scgoh123..... xP
    Actually me and scgoh123 are helping teachers to clean viruses.

    The computer is running a little bit faster than before........but when I checked the computer's system specs, I discovered that the PC has just 700+ MHz!! Is it too slow for Windows XP to run??
     
