[CODE]

2011-03-01,12:50:25

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.3670 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /installquiet /nodetect>  []
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SmartIT Client><C:\SmartIT\lsass.exe>  [(Verified)LIGHT STAR INFORMATION CO., LTD.]
    <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [File is missing]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [(Verified)Trend Micro, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[Monitor Apache Servers]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [Apache Software Foundation]><N>

==================================
Services
[Apache2.2 / Apache2.2][Stopped/Auto Start]
  <"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ITClientSvs / ITClientSvs][Running/Auto Start]
  <C:\SmartIT\smss.exe><Light Star Information>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Subversion Repository / subversion_service][Stopped/Manual Start]
  <c:\subversion\bin\svnserve.exe --service -r d:\svndb><(File is missing)>
[OfficeScan NT Listener / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[OfficeScanNT RealTime Scan / ntrtscan][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[OfficeScan NT Proxy Service / TmProxy][Stopped/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"><Trend Micro Inc.>

==================================
Drivers
[Bluetooth Audio Device / btaudio][Running/Manual Start]
  <system32\drivers\btaudio.sys><Broadcom Corporation.>
[Bluetooth Virtual Communications Driver / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys><Broadcom Corporation.>
[蓝牙总线枚举器 / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[Bluetooth LAN Access Server / BTWDNDIS][Stopped/Manual Start]
  <system32\DRIVERS\btwdndis.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ITFF / ITFF][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\itff.sys><LightStar Information Co.,LTD>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Quantum DeepScanner Servers / qutmdserv][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\qutmdrv.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SogouNetopt / SogouNetopt][Stopped/Manual Start]
  <\??\C:\Program Files\SogouExplorer\sogounetopt.sys><Sogou.com>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Stopped/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[Trend Micro TDI Driver / tmtdi][Running/System Start]
  <system32\DRIVERS\tmtdi.sys><Trend Micro Inc.>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>

==================================
Browser Add-ons
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[EF2KRS2.ctlEF2KRS2]
  {2D272DB5-C4CC-11D3-AAEE-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KRS2.ocx, Data Systems Consulting Co., Ltd.>
[EF2KGrid.Grid]
  {4BDFCD1F-FE6D-11D4-ACF5-0080C8D96040} <C:\WINDOWS\Downloaded Program Files\EF2KGrid.ocx, Data Systems Consulting Co., Ltd.>
[EF2KARY2.ctlEF2KARY2]
  {53548F21-D707-11D3-AB0C-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KARY2.ocx, Data Systems Consulting Co., Ltd.>
[EF2KDT.ctlEF2KDT]
  {B8C54992-B7BF-11D3-AACE-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KDT.ocx, Data Systems Consulting Co., Ltd.>
[EF2KRSE.ctlEF2KRSE]
  {CF265377-E224-11D4-ACE8-0080C8D96040} <C:\WINDOWS\Downloaded Program Files\EF2KRSE.ocx, Data Systems Consulting Co., Ltd.>
[EF2KRS2.ctlEF2KRS2]
  {2D272DB5-C4CC-11D3-AAEE-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KRS2.ocx, Data Systems Consulting Co., Ltd.>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[EF2KGrid.Grid]
  {4BDFCD1F-FE6D-11D4-ACF5-0080C8D96040} <C:\WINDOWS\Downloaded Program Files\EF2KGrid.ocx, Data Systems Consulting Co., Ltd.>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[EF2KARY2.ctlEF2KARY2]
  {53548F21-D707-11D3-AB0C-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KARY2.ocx, Data Systems Consulting Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[EF2KDT.ctlEF2KDT]
  {B8C54992-B7BF-11D3-AACE-0080C8BA466E} <C:\WINDOWS\Downloaded Program Files\EF2KDT.ocx, Data Systems Consulting Co., Ltd.>
[EF2KRSE.ctlEF2KRSE]
  {CF265377-E224-11D4-ACE8-0080C8D96040} <C:\WINDOWS\Downloaded Program Files\EF2KRSE.ocx, Data Systems Consulting Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, (Signed) Macromedia, Inc.>
[]
  {D4027C7F-154A-4066-A1AD-4243D8127440} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} <, >
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 888 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 968 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 1060 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.22]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 1204 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 1412 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 4.0.1.3400]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 4.0.1.3400]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 4.0.1.3400]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1644 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 4.0.1.3400]
[PID: 1700 / SYSTEM][C:\SmartIT\smss.exe]  [Light Star Information, 6]
[PID: 1772 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8433]
[PID: 1964 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe]  [Microsoft Corporation, 2.50.4160.2000]
[PID: 184 / SYSTEM][C:\WINDOWS\system32\CCM\CcmExec.exe]  [Microsoft Corporation, 2.50.4160.2000 built by: SMS]
[PID: 608 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 1620 / Toking_Sun][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8433]
    [C:\WINDOWS\system32\NVRSZHT.DLL]  [NVIDIA Corporation, 6.14.10.8433]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\btncopy.dll]  [Broadcom Corporation., 4.0.1.3400]
    [C:\Program Files\7-Zip\7-zip.dll]  [Igor Pavlov, 9.20]
[PID: 276 / Toking_Sun][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.8433]
    [C:\WINDOWS\system32\NVRSZHT.DLL]  [NVIDIA Corporation, 6.14.10.8433]
[PID: 1296 / Toking_Sun][C:\SmartIT\lsass.exe]  [Light Star Information, 6]
[PID: 1360 / Toking_Sun][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 2052 / Toking_Sun][C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe]  [Apache Software Foundation, 2.2.14]
[PID: 2536 / Toking_Sun][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 2280 / SYSTEM][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe]  [Trend Micro Inc., 10.5.0.1040]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.700-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll]  [Trend Micro Inc., 8.0.0.3031]
    [C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmListen.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmListenShare.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll]  [Trend Micro Inc., 10.5.0.1023]
    [C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll]  [Trend Micro Inc., 1.0.0.0]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.3031]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcTmProxy.dll]  [Trend Micro Inc., 10.0.0.1169]
[PID: 2956 / SYSTEM][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe]  [Trend Micro Inc., 10.5.0.1023]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.700-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll]  [Trend Micro Inc., 8.0.0.3031]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\libCNTProdRes.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\TMBMCLI.dll]  [Trend Micro Inc., 2.2.0.1018]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll]  [Trend Micro Inc., 2.2.0.1018]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.3031]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 10.0.0.1169]
    [C:\Program Files\Trend Micro\OfficeScan Client\ssapi32.dll]  [Trend Micro Inc., 6.2.0.3009]
[PID: 3572 / SYSTEM][C:\WINDOWS\TEMP\QHEC17.EXE]  [Trend Micro Inc., 10.5.0.1023]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.3031]
[PID: 3784 / SYSTEM][C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe]  [Trend Micro Inc., 1.0.0.3084]
[PID: 3532 / Toking_Sun][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2162 (xpsp_sp2_idx.040709-1830)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.3.0.3286]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
[PID: 2888 / Toking_Sun][C:\SmartIT\AppM.ls]  [Light Star Information, 6]
    [C:\SmartIT\lscommc.dll]  [Light Star Information, 6]
[PID: 1736 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2162 (xpsp_sp2_idx.040709-1830)]
[PID: 3924 / Toking_Sun][C:\WINDOWS\system32\mspaint.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3660 (xpsp_sp2_gdr.091216-1517)]
[PID: 3280 / Toking_Sun][C:\Documents and Settings\Toking_Sun\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
[PID: 2760 / Toking_Sun][C:\Documents and Settings\Toking_Sun\Desktop\sreng2\SREa52aef44.EXE]  [Smallfrogs Studio, 2.8.4.1331]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1644, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2052, C:\PROGRAM FILES\APACHE SOFTWARE FOUNDATION\APACHE2.2\BIN\APACHEMONITOR.EXE]

==================================
Scheduled Tasks
[Enabled] At4.job
        C:\WINDOWS\dns.bat 
[Enabled] At3.job
        C:\WINDOWS\dns.bat 
[Enabled] At2.job
        C:\WINDOWS\dns.bat 
[Enabled] At1.job
        C:\WINDOWS\dns.bat 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]