
Reinfected w/ Antivir Solution Pro


  • This topic is locked
22 replies to this topic

#1 xKitt

  • Members
  • 11 posts
  • OFFLINE

Posted 08 August 2010 - 10:49 PM

My computer was first infected with Antivir Solution Pro 4 days ago (Wednesday), and after using RKill(iExplore) and MalwareBytes after each infection, I've been reinfected three more times, about once every day.
About 2 days ago, I made the switch from Safari to Firefox, but I don't think that has changed anything for this problem.
Did all the requested logs 3 hrs before quarantining the virus with MalwareBytes for the last time.
I have all the MalwareBytes logs and everything still quarantined, by the way.

While using GMER, I got a blue screen caused by a file that started with "pwli", although the file name was 3x as long.
After starting back up in Safe Mode with Networking, GMER had a problem and was closed by Windows; I ran Defogger again (1st time after the reboot), regardless of the warning. When I tried to open GMER again, my computer blue-screened without a specified reason.
Rebooted this time in Normal Mode and AntiVir Solution Pro opened up once again, so I used RKill(iExplore), MalwareBytes, and rebooted the computer.
GMER was closed because of some problem by Windows, I ran Defogger, tried GMER again, and I blue-screened with no specific reason once again...
So I'm sorry that I can't attach a GMER log.

I realize that I have to change all of my passwords on a secure computer ASAP, but am confused about whether the computer I used to put RKill/MalwareBytes on a USB flash drive is still considered safe.
I'm also wondering how to deal with my computer in the future now that it has been infected and is no longer secure.
Is switching to another disk like Windows 7 the only way to ensure that these old problems don't come back to haunt my computer?

DDS (Ver_10-03-17.01) - NTFSx86
Run by Anne at 18:46:47.78 on Sun 08/08/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1044 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svcprs32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\atwtusb.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Windows\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Windows\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Tencent\QQ2009\Bin\QQ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Sharp\Button Manager B\btnman.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Tencent\QQ2009\Bin\TXPlatform.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
C:\Windows\system32\mdmcls32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anne\Desktop\Defogger.exe
C:\Users\Anne\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tdameritrade.com/welcome1.html
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60282
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: {B1BE275B-78BF-4A33-81AB-380699CFF329} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D1A1FD57-93FC-45FE-BC2A-B3A5D47D6674} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SharpTray] "c:\program files\sharp\sharpdesk\SharpTray.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [QQ2009] "c:\program files\tencent\qq2009\bin\QQ.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [hwnglusp] c:\users\anne\appdata\local\suukvutvy\twqgxditssd.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Tablet PC 2.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; MSN Optimized;US; SPC 3.2 P1 Ta)" -"http://pbskids.org/barney/children/music/happyandsw.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [atwtusb] atwtusb.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\users\anne\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\anne\appdata\roaming\micros~1\windows\startm~1\programs\startup\viikii~1.lnk - c:\program files\viikiidesktopplugin\ViiKiiDesktopPlugin.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\button~1.lnk - c:\program files\sharp\button manager b\btnman.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to QQ Customized Emoticons - c:\program files\tencent\qq\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\tencent\qq\AddPanel.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Send Picture with QQ MMS - c:\program files\tencent\qq\SendMMS.htm
IE: QQ - c:\program files\tencent\qq2009\bin\AddEmotion.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: dacom.net
Trusted Zone: epaygen.co.kr
Trusted Zone: epaygen.com
Trusted Zone: hanabank.com
Trusted Zone: hyundaicard.com
Trusted Zone: inicis.com
Trusted Zone: internet
Trusted Zone: jbbank.co.kr
Trusted Zone: kjbank.com
Trusted Zone: lgcard.com
Trusted Zone: lottecard.co.kr
Trusted Zone: macromedia.com
Trusted Zone: mcafee.com
Trusted Zone: nprotect.net
Trusted Zone: samsungcard.co.kr
Trusted Zone: shinhancard.com
Trusted Zone: suhyup.co.kr
Trusted Zone: vpay.co.kr
Trusted Zone: yescard.co.kr
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\anne\appdata\roaming\mozilla\firefox\profiles\hw8w6q6m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tdameritrade.com/welcome1.html
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\lively\nplively.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-18 214024]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-10-13 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-10-13 21104]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-10-13 161008]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 130280]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-10-13 22528]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-18 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-18 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-18 40552]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-4-2 18184]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-4-2 175872]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-6-18 209408]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1
.txt=

=============== Created Last 30 ================

2010-08-08 22:45:51 0 ----a-w- c:\users\anne\defogger_reenable
2010-08-05 19:55:48 76469 ----a-w- c:\users\anne\.recently-used.xbel
2010-08-05 03:49:58 0 d-----w- c:\users\anne\appdata\roaming\Malwarebytes
2010-08-05 03:49:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 03:49:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 03:49:29 0 d-----w- c:\programdata\Malwarebytes
2010-08-05 03:49:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 03:30:56 363520 ----a-w- c:\temp\iExplore.exe
2010-07-26 20:25:46 0 d-----w- c:\programdata\AIM
2010-07-26 20:25:07 0 d-----w- c:\program files\AIM
2010-07-26 20:24:30 0 d-----w- c:\program files\common files\Software Update Utility
2010-07-26 19:26:23 0 d-----w- c:\program files\iPod
2010-07-26 19:09:19 629 ----a-w- c:\windows\system32\mapisvc.inf
2010-07-23 22:59:19 18681 ------w- c:\windows\system32\abtsvchost.xml
2010-07-21 03:41:14 360 ----a-w- c:\windows\system32\msexcr.ini
2010-07-16 21:54:38 0 d-----w- c:\program files\Absolute Software
2010-07-16 21:54:14 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-16 21:48:11 18733 ----a-w- c:\windows\system32\AbtSvcHost_.config
2010-07-16 21:47:45 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52:12 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe

==================== Find3M ====================

2010-08-08 19:34:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-07 17:46:23 296664 ----a-w- c:\programdata\nvModes.dat
2010-08-06 22:57:26 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-21 22:13:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-21 22:13:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-21 22:13:35 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-09 03:57:16 91472 ----a-w- c:\windows\system32\isafprod.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 04:14:46 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-11-17 11:58:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-18 10:26:24 76 --sh--r- c:\windows\CT4CET.bin
2009-10-14 01:22:23 204800 --sha-w- c:\windows\rnapxs\Rnapxs.dat
2009-07-10 01:30:22 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-11 04:03:40 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-11 04:03:40 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-11 04:03:40 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-11 04:03:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-21 05:05:46 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-03-21 05:05:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032120090322\index.dat
2010-03-08 20:37:38 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-24 19:29:56 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-24 19:29:56 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-24 19:29:56 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:52:33.17 ===============



#2 Blade
Site Admin, 12,791 posts

Posted 16 August 2010 - 04:34 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold

    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

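The OTL output Blade asks for lists every process, service and driver on one line with its timestamp, size, embedded company string and path, and marks registered drivers whose binary is gone as "File not found". Reading a few hundred of those lines by eye is where helpers earn their keep, so here is an added example of a first-pass triage script for that format. It is not part of the thread and not OldTimer's code; it assumes only the line shapes visible in the log posted in this topic. The two rules it applies are the ones a helper applies first: a binary under %SystemRoot% with no company string, and a service or driver whose file no longer exists. The sample lines are copied from the OTL log in this thread, with one benign Microsoft entry added so the filter has something to pass over.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes this parser understands (as they appear in OTL SafeList sections):
#   PRC - [2009/06/01 16:09:36 | 001,400,832 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
#   SRV - [... | M] (Company) [Auto | Running] -- path -- (ServiceName)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]|]+ \| [MC]\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# A binary under this prefix with no company string deserves a hash lookup.
SYSTEM_ROOT_PREFIX = "c:\\windows\\"


@dataclass
class Finding:
    kind: str      # PRC / MOD / SRV / DRV
    path: str
    reason: str


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one OTL SafeList line into its fields; None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e: Dict[str, object] = m.groupdict()
    e["size"] = int(str(e["size"]).replace(",", "")) if e["size"] else None
    e["missing"] = e["missing"] is not None
    e["company"] = str(e["company"] or "").strip()
    return e


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries worth hashing or looking up, in log order."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        path = str(e["path"])
        state = str(e["state"] or "")
        if e["missing"]:
            # Registered service/driver whose file is gone: orphan entry, or a
            # component something else already removed. Either way, note it.
            findings.append(Finding(str(e["kind"]), path,
                f"'{e['name']}' is registered ({state}) but its file is absent"))
        elif not e["company"] and path.lower().startswith(SYSTEM_ROOT_PREFIX):
            # No embedded company string on something living in the Windows tree.
            findings.append(Finding(str(e["kind"]), path,
                f"no company string on a binary under %SystemRoot% "
                f"({e['size']} bytes, {state or 'process'})"))
    return findings


# Constructed sample: lines copied from the OTL log posted in this thread, plus a
# benign Microsoft entry (explorer.exe) that the rules should leave alone.
SAMPLE = r"""
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/01 16:09:36 | 001,400,832 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2009/06/01 15:59:16 | 010,940,416 | ---- | M] () -- C:\Windows\cfgmng32.exe
SRV - [2009/06/01 16:09:36 | 001,400,832 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva351.sys -- (XDva351)
DRV - [2010/06/03 15:10:43 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vetefile.sys -- (VETEFILE)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind}  {f.path}\n      {f.reason}")
```

These are candidates, not verdicts: some legitimate OEM utilities ship without version resources, and an orphaned driver entry can be nothing more than an uninstaller that forgot to clean up. The point of the list is to decide which files to hash and look up, which is exactly what the /md5start ... /md5stop block in the custom scan does for the boot-critical drivers a rootkit is most likely to patch.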

#3 xKitt (Topic Starter)

Posted 16 August 2010 - 10:40 AM

Thanks for the response. Haven't really been having trouble with the virus lately, but I don't think I've done anything to get rid of it completely yet.

OTL logfile created on: 8/16/2010 11:03:29 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Anne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.29 Gb Total Space | 109.16 Gb Free Space | 49.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XIE-PC
Current User Name: Anne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/16 11:02:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
PRC - [2010/07/22 22:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/12 12:52:12 | 000,049,584 | ---- | M] (Microsoft) -- C:\Windows\System32\AbtSvcHost_.exe
PRC - [2010/07/08 12:29:52 | 000,084,136 | ---- | M] (Absolute Software) -- C:\Program Files\Absolute Software\LoJack for Laptops Notifier 2\LoJackNotifier.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/08 23:57:16 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/06/08 23:57:16 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2010/05/27 15:07:36 | 000,238,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
PRC - [2010/05/27 15:07:35 | 000,185,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/19 16:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/04/15 15:18:50 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/13 19:06:47 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/04/07 15:25:43 | 000,152,904 | ---- | M] (Tencent) -- C:\Program Files\Tencent\QQ2009\Bin\TXPlatform.exe
PRC - [2010/04/07 15:25:43 | 000,144,712 | ---- | M] (Tencent) -- C:\Program Files\Tencent\QQ2009\Bin\QQ.exe
PRC - [2009/11/01 17:50:15 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/13 21:26:36 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/10/13 21:26:36 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/10/13 21:17:08 | 000,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/01 16:09:36 | 001,400,832 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2009/06/01 16:01:02 | 002,289,664 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
PRC - [2009/06/01 15:59:16 | 010,940,416 | ---- | M] () -- C:\Windows\cfgmng32.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 15:56:29 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 15:56:27 | 000,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/03/04 01:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/01/25 01:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/01/20 22:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/20 22:24:17 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/03 00:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/31 17:05:20 | 000,323,232 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/04/17 00:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/04/16 23:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2004/08/27 00:48:38 | 000,106,496 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Button Manager B\btnman.exe
PRC - [2004/03/05 20:09:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 11:02:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/12 12:52:12 | 000,049,584 | ---- | M] (Microsoft) [Auto | Running] -- C:\Windows\System32\AbtSvcHost_.exe -- (AbtSvcHost)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/08 23:57:16 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010/06/02 13:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/27 15:07:35 | 000,185,680 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/13 19:06:47 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 17:50:15 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/10/13 21:26:36 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/06/01 16:09:36 | 001,400,832 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/03 00:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva346.sys -- (XDva346)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva323.sys -- (XDva323)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva310.sys -- (XDva310)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva300.sys -- (XDva300)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva280.sys -- (XDva280)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva275.sys -- (XDva275)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva270.sys -- (XDva270)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva262.sys -- (XDva262)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva257.sys -- (XDva257)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva225.sys -- (XDva225)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva202.sys -- (XDva202)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsk5.sys -- (scsk5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\RebirthRO\npkcusb.sys -- (npkcusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Anne\AppData\Local\Temp\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010/06/03 15:10:43 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/06/03 15:10:42 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2009/11/09 07:47:29 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/11/09 07:47:29 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2009/11/09 07:47:29 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/11/09 07:47:29 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2009/07/08 13:44:20 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/07/08 13:44:20 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/07/08 13:44:20 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/07/08 13:44:20 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/07/08 13:43:46 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/02 22:43:30 | 000,175,872 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2009/04/02 22:43:30 | 000,018,184 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009/01/30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/24 05:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/04 01:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 01:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/25 01:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/12/03 00:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 05:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel®
DRV - [2007/09/07 05:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/07 02:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/16 23:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/21 15:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/06 21:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 19:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 19:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/06 09:51:06 | 000,022,528 | ---- | M] (WALTOP International Corp.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tdameritrade.com/welcome1.html
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sogou.com/ [binary data]
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baidu.com/
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080618
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080618
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.tdameritrade.com/welcome1.html"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6522
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2009/10/13 21:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/10/13 21:17:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/15 15:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 19:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 19:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/10/13 21:17:40 | 000,000,000 | ---D | M]

[2010/08/06 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Mozilla\Extensions
[2010/08/15 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hw8w6q6m.default\extensions
[2010/08/12 11:03:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hw8w6q6m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/09 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hw8w6q6m.default\extensions\https-everywhere@eff.org
[2010/08/06 19:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B1BE275B-78BF-4A33-81AB-380699CFF329} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe ()
O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [dvHighMem] C:\Windows\cfgmng32.exe ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [QQ2009] C:\Program Files\Tencent\QQ2009\Bin\QQ.exe (Tencent)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ()
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe File not found
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [QQ2009] C:\Program Files\Tencent\QQ2009\Bin\QQ.exe (Tencent)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ()
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe File not found
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [QQ2009] C:\Program Files\Tencent\QQ2009\Bin\QQ.exe (Tencent)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ()
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQ2009\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: dacom.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: epaygen.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: epaygen.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: hanabank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: hyundaicard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: inicis.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: jbbank.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: kjbank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: lgcard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: lottecard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: macromedia.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: nprotect.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: samsungcard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: shinhancard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: suhyup.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: vpay.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Domains: yescard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: dacom.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: epaygen.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: epaygen.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: hanabank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: hyundaicard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: inicis.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: jbbank.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: kjbank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: lgcard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: lottecard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: macromedia.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: nprotect.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: samsungcard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: shinhancard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: suhyup.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: vpay.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Domains: yescard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1001\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: dacom.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: epaygen.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: epaygen.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: hanabank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: hyundaicard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: inicis.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: jbbank.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: kjbank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: lgcard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: lottecard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: macromedia.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: nprotect.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: samsungcard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: shinhancard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: suhyup.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: vpay.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Domains: yescard.co.kr ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2626349971-2234050652-3821861980-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Anne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01aab720-aa0c-11de-bec0-001fe1dd5968}\Shell - "" = AutoRun
O33 - MountPoints2\{01aab720-aa0c-11de-bec0-001fe1dd5968}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{adb5c8a8-5b6b-11de-8f41-001fe1dd5968}\Shell - "" = AutoRun
O33 - MountPoints2\{adb5c8a8-5b6b-11de-8f41-001fe1dd5968}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{adb5c8ac-5b6b-11de-8f41-001fe1dd5968}\Shell - "" = AutoRun
O33 - MountPoints2\{adb5c8ac-5b6b-11de-8f41-001fe1dd5968}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 18:39:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/11 18:39:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/11 18:39:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 18:39:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/11 18:39:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 18:39:17 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 18:39:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 18:39:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/11 18:39:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/11 18:39:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/11 18:39:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/11 18:39:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 18:39:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 18:39:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 18:39:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 18:39:14 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 18:39:01 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 18:38:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 18:38:30 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 18:38:30 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/09 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\NeopleLauncherDFO
[2010/08/08 18:12:27 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\suukvutvy
[2010/08/06 19:14:01 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Mozilla
[2010/08/06 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/05 21:32:13 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\efdgowdwx
[2010/08/04 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2010/08/04 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/04 23:49:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/04 23:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/04 23:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/04 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\wsusdoifb
[2010/08/01 09:13:42 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Absolute_Software
[2010/07/26 16:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/07/26 16:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/07/26 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/07/26 15:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/06 13:12:54 | 000,868,352 | ---- | C] (Dell, Inc. ) -- C:\Users\Anne\AppData\Roaming\DataSafeDotNet.exe
[2008/04/30 17:10:27 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/16 11:12:59 | 004,980,736 | -HS- | M] () -- C:\Users\Anne\ntuser.dat
[2010/08/16 11:04:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 09:55:16 | 000,296,664 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/16 09:55:16 | 000,296,664 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/16 09:55:09 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/16 09:55:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/16 00:00:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 00:00:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 23:04:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 03:36:03 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/12 03:36:03 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/12 03:36:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/12 03:29:39 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/08/12 03:29:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/12 03:28:54 | 001,737,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 03:25:54 | 000,524,288 | -HS- | M] () -- C:\Users\Anne\ntuser.dat{402ee896-e835-11de-9a37-001fe1dd5968}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:25:54 | 000,065,536 | -HS- | M] () -- C:\Users\Anne\ntuser.dat{402ee896-e835-11de-9a37-001fe1dd5968}.TM.blf
[2010/08/12 03:25:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/12 03:24:59 | 003,899,385 | -H-- | M] () -- C:\Users\Anne\AppData\Local\IconCache.db
[2010/08/10 22:18:58 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\CAAntiSpywareScan_Daily as Anne at 9 17 PM.job
[2010/08/08 23:37:02 | 343,986,289 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/08 18:45:51 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
[2010/08/06 19:13:45 | 000,001,750 | ---- | M] () -- C:\Users\Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/05 15:55:48 | 000,076,469 | ---- | M] () -- C:\Users\Anne\.recently-used.xbel
[2010/07/31 16:55:00 | 000,421,619 | ---- | M] () -- C:\Users\Anne\Documents\yobobarecipes.docx
[2010/07/26 16:25:57 | 000,001,969 | -H-- | M] () -- C:\IPH.PH
[2010/07/26 16:25:41 | 000,001,722 | ---- | M] () -- C:\Users\Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/26 15:09:19 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/25 23:41:25 | 000,018,681 | ---- | M] () -- C:\Windows\System32\abtsvchost.xml
[2010/07/22 16:21:42 | 000,018,733 | ---- | M] () -- C:\Windows\System32\AbtSvcHost_.config
[2010/07/22 14:39:10 | 000,000,360 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/07/21 07:18:26 | 000,000,680 | ---- | M] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/08 18:45:51 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable
[2010/08/06 19:13:45 | 000,001,750 | ---- | C] () -- C:\Users\Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/05 15:55:48 | 000,076,469 | ---- | C] () -- C:\Users\Anne\.recently-used.xbel
[2010/07/31 16:54:59 | 000,421,619 | ---- | C] () -- C:\Users\Anne\Documents\yobobarecipes.docx
[2010/07/26 16:25:41 | 000,001,722 | ---- | C] () -- C:\Users\Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/26 15:11:10 | 002,474,569 | ---- | C] () -- C:\Users\Anne\Documents\Fhsstphysics.pdf
[2010/07/26 15:11:09 | 001,624,958 | ---- | C] () -- C:\Users\Anne\Documents\C_Sharp_Programming.pdf
[2010/07/26 15:09:19 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2010/07/23 18:59:19 | 000,018,681 | ---- | C] () -- C:\Windows\System32\abtsvchost.xml
[2010/07/20 23:41:14 | 000,000,360 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/12/06 01:22:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/13 21:16:39 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2009/10/13 21:15:44 | 004,747,264 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2009/10/13 21:15:44 | 001,867,776 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2009/09/17 15:55:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/01 23:11:27 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/08/01 23:11:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/08/01 23:11:27 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/08/01 23:11:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/06/17 14:18:59 | 000,000,680 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2008/10/13 22:29:28 | 000,005,725 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/26 00:22:56 | 000,163,936 | ---- | C] () -- C:\Windows\_isusr32.dll
[2008/09/25 23:36:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\ZLIB.DLL
[2008/09/25 23:33:58 | 000,049,152 | ---- | C] () -- C:\Windows\SDConfig.dll
[2008/09/25 23:31:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\usc1.dll
[2008/09/25 23:31:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
[2008/09/21 01:12:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/21 01:12:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/11 10:57:34 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/07/07 10:46:22 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/06 20:49:29 | 000,020,090 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\UserTile.png
[2008/06/30 15:24:04 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/06/23 16:43:26 | 000,040,448 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/23 15:25:31 | 000,001,844 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\install.dat
[2008/06/18 09:05:28 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/06/18 09:05:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/18 06:22:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/06/02 21:45:32 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/06/02 21:45:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/12/09 22:57:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\Scpmonal.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2008/06/26 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Absolute
[2008/06/23 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\acccore
[2010/07/06 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\CallingID
[2009/07/03 05:07:12 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Chinatelecom
[2009/12/20 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Costco Photo Viewer US
[2009/05/31 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FFSJ
[2009/07/26 02:21:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FlashGet
[2009/10/28 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Fogware
[2009/07/15 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\GenieSoft
[2009/10/13 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\GetRightToGo
[2010/08/05 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\gtk-2.0
[2009/03/04 23:30:17 | 000,000,000 | -H-D | M] -- C:\Users\Anne\AppData\Roaming\ijjigame
[2010/08/10 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\NeopleLauncherDFO
[2008/07/16 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Nexon
[2008/09/08 20:33:12 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\NJStar
[2009/11/07 22:30:13 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ooVoo Details
[2010/02/26 13:21:50 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\OpenOffice.org
[2008/07/06 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PeerNetworking
[2010/03/13 21:30:33 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Progeny
[2009/07/06 23:01:41 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\QQ Games Plugin
[2009/08/09 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\QQMusicUpdate
[2008/09/26 00:23:08 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Sharp
[2009/01/04 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SYSTEMAX Software Development
[2009/08/09 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Tencent
[2008/07/01 08:41:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\tmp
[2009/07/16 11:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\TopicsLearning
[2010/04/11 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/08/10 22:18:58 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\CAAntiSpywareScan_Daily as Anne at 9 17 PM.job
[2010/08/12 03:25:38 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/04/17 00:06:36 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=E2D8E32A93945F3FCE220D0F71FDFB27 -- C:\Program Files\Fingerprint Reader Suite\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/09/07 05:27:28 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Drivers\storage\R166201\iaStor.sys
[2007/09/07 05:27:28 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007/09/07 05:27:28 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_9af7e4ab\iaStor.sys
[2007/09/07 05:22:34 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/07 05:22:34 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/07 05:22:34 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/07 05:22:34 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 13:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/03/21 15:33:40 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Files - Unicode (All) ==========
[2009/10/18 01:15:19 | 000,011,180 | ---- | M] ()(C:\Users\Anne\Documents\??.docx) -- C:\Users\Anne\Documents\童话.docx
[2009/10/11 22:23:34 | 000,011,180 | ---- | C] ()(C:\Users\Anne\Documents\??.docx) -- C:\Users\Anne\Documents\童话.docx
< End of report >

OTL Extras logfile created on: 8/16/2010 11:03:29 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Anne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.29 Gb Total Space | 109.16 Gb Free Space | 49.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.01 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XIE-PC
Current User Name: Anne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [QQMusic.1.Play] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /play "%1" (Tencent)
Directory [QQMusic.2.Add] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /add "%1" (Tencent)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0CB15-5336-41A1-8674-529E67679F03}" = rport=138 | protocol=17 | dir=out | app=system |
"{07111852-FA6A-49EA-93DE-25FDE3F9884A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17927E27-9680-4E03-BF03-B48CD106E907}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27CF8FC4-F467-402F-93C7-C3AAA3E7A63E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C3B23C4-3932-4EE9-972D-893FC754DD18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E370D3D-B1D4-4CA8-B085-E691D91882A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{31A01014-A923-48B6-A16F-82E9156B271B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{41E94B1E-3EEA-4A77-9B30-05BC5176D2FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{45CE6FB9-3CF5-443C-BFF0-0934C7F331AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5586E302-93DA-41A8-ABA5-3EBF8197DE6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{558C0B68-23CA-42DF-964A-475212B9D82F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5994BCB0-BBAB-4FF5-ABF6-7E308F7C9932}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7061E35A-EA59-483D-9AD4-7B8B7419F7CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B582C1B-5DDB-470A-876B-3239416B7787}" = rport=445 | protocol=6 | dir=out | app=system |
"{83E6EF2E-6DC2-466E-98A2-26D6339BD956}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DD13B36-D8B3-4242-8505-3FCF4EF2603B}" = rport=137 | protocol=17 | dir=out | app=system |
"{8F46D2BE-9E41-4EFA-8E3D-8D990AB452EC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A39B2AA4-DCBB-4CD4-83D4-50DDFF3245E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A82BCFCB-B625-49B0-9836-14779D727F69}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AC67B1A5-5EAC-4216-8268-F0E2D82BA8CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD5D357E-427B-48FB-8F2E-BCB321536FAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF3B1A19-CCFA-425B-A320-6AD70470FEAA}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD2CEE17-F0A9-4FB5-BB60-A1E17D950AD5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD924080-1521-43AE-B107-25505E612AE9}" = lport=445 | protocol=6 | dir=in | app=system |
"{E08E5F43-84D2-442C-9AE3-3CD63F19F6C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E988C19B-4959-42FA-9463-C60546DF03A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB4B7BA7-60EA-432A-85A7-86FAB1AF481F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F36B48D0-CDC3-4AE0-B913-EA5CDCC4105D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD1B98FF-AF95-46DD-93D4-BF68C7FD7A25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01232AF2-D400-40B9-A875-DF670C698008}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{0777DDE6-D2DC-416B-95BB-8BD1DD068CDA}" = protocol=6 | dir=out | app=system |
"{272DD69E-464B-4E92-9656-29EBE19CFD31}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{279AC301-BDC2-4C6E-88B5-03A904A603EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2DA3E940-7862-4CE8-8563-D49B71CA2542}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3515FC6A-0649-4765-B4CE-1F04AA15E527}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{363E245F-4690-4D38-B8B2-9BC8C2D024E6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3957706D-75B0-4B4D-9C01-A8C1AE2D15F2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4AE50D3C-0213-4A44-8B3C-12A01B3790E6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4DD2C14E-1678-478E-B6BA-73BEE6E7525F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{60926353-673F-46F7-AF3F-D07776012536}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{620F6A6E-1076-4278-BC91-584164A50F89}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{679E3EFB-91FA-465B-B0B5-1234AD6E5A5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{68C1C4C4-D056-434E-94B6-B5936F0ADE11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D9096F7-58EC-4277-992E-51AD9056F72E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70452461-9147-4ADC-9B05-765454680D79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79167277-5E9C-4B50-A307-A6D9D3419F5C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7D1BB3EA-FE1E-4464-B8E0-F32E9E129F15}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{80B6AFC0-A765-4ADF-9DD0-04A89C9F9B9F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{819278CF-8E46-4ACC-BF3A-8A71C97BE0E4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8196EDFE-9BFE-47D1-AC08-CF2486325B63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{847302C2-228D-40F3-8AF4-2A16A9FB1344}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{85D92B04-95F2-482D-B2F5-E2D2D1EF53B0}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{87454913-2F5D-423A-A3F0-A3B64EA2A49F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AEB908F-5638-41A6-BBB4-C01D4B368688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F2FC9FE-9C58-4A63-BF0A-B8D4742E3267}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F6A6805-8767-4101-8FE0-4CC3156A2AF1}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A004E9CD-1303-4AB7-8D20-D33BC0804658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4B071CA-F1D7-49F9-A600-81FB6CCA251F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{ADF87481-7BB8-4C37-8F64-F862B3EBBF5E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{AEB9780D-EC65-4A60-AE51-21B3C55AEF31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B43DAA39-9E1E-4048-B6BB-A288A22F673C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B6904656-8F73-48AF-BB44-EE0582CCC7AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8B660AF-9786-4FA1-B727-F57DE74245C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BE7EA07F-51E8-472E-B1CD-79214C2A8596}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C16B8324-900C-4989-AF4E-B6114A79566E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4880BC8-9B26-46F9-8DFA-8C2A760A21BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C48A6F1D-577E-4DA5-B06D-625D9A21DF93}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{D1F6C2EA-98EC-4CD4-935B-DB835D66E0CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D968EDDA-DEC2-43B6-9290-A1F22C08F8FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E067F9FC-749E-483B-85E4-8E707A309C2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E30A2E2D-74B6-4214-837C-DB61F360A74E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E453850B-07F1-496F-90FB-AE1BAA75C61E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E7DDFD74-E487-4190-A015-B5C7634427EE}" = protocol=17 | dir=in | app=c:\program files\redbana\audition\patcher.exe |
"{E89BA666-6C5D-4749-B2FE-DA6A8950C98F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{F385905F-515A-4C75-A63B-4618B693F143}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{F46C002C-048E-4856-A806-1A97544807F5}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{F4BA9211-2E38-4AA6-B7F4-F4CBBADD04C9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F4D0D02F-8DDB-4500-9729-B9D318548B42}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F8AE48D5-0A30-4F91-8DD0-B03BC342680F}" = protocol=6 | dir=in | app=c:\program files\redbana\audition\patcher.exe |
"{F8BC0C62-D878-4F0D-A5D9-0AE984EDF76C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9548248-6D6A-45FE-A42F-95201126C843}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD0F0B9A-10E0-4AE4-9762-9CA39AE93FBA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{648C0E92-C0C8-49F2-A861-1759F9034110}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{6758847B-F131-4165-986F-1A6AA3264540}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"TCP Query User{855C0C75-EAFD-4DAF-A943-C96C2A377689}C:\users\anne\appdata\local\temp\qqmusicinstall.exe" = protocol=6 | dir=in | app=c:\users\anne\appdata\local\temp\qqmusicinstall.exe |
"TCP Query User{8DB0EA4E-0911-4640-8A74-8F91CE94657D}C:\program files\tencent\qq2009\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq2009\bin\qq.exe |
"TCP Query User{A5CC9BB5-4221-4258-A9BE-5B07F6E36B26}C:\program files\tencent\qqmusic\qzonemusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"TCP Query User{DAED9662-D776-410D-9871-7B3329D69866}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"TCP Query User{EB5394E2-DF8D-4F64-A817-6DC5535D9E6E}C:\program files\tencent\qq2009\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq2009\bin\qq.exe |
"UDP Query User{1E7CB0CA-3E72-48EE-BBEB-42C3DE138DE8}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"UDP Query User{33F7A392-E938-4CF0-B70A-4822E9E886D3}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{6BDE5136-7B43-404D-B807-C44259DBE59C}C:\users\anne\appdata\local\temp\qqmusicinstall.exe" = protocol=17 | dir=in | app=c:\users\anne\appdata\local\temp\qqmusicinstall.exe |
"UDP Query User{6C849903-6464-47E3-8D5F-9C3435336EF3}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"UDP Query User{798E4E7D-AD27-4B5B-A66C-5263809CA68B}C:\program files\tencent\qqmusic\qzonemusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"UDP Query User{BB356900-2968-4ABE-B0A3-54E3DAFFA918}C:\program files\tencent\qq2009\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq2009\bin\qq.exe |
"UDP Query User{D1D6D6B7-5783-4143-86C7-F947C42FA86A}C:\program files\tencent\qq2009\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq2009\bin\qq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}" = HP Photosmart Printer Driver Software 10.0 02
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = Tencent QQ2009
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}" = CA Desktop DNA Migrator
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E5D21E4-9E1C-43DB-A3BB-3313E462435C}" = Grade 5 Success
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}" = MapleStory
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2DE38C17-DD7E-41BA-88BC-0A2387D29657}" = Lively by Google
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40D49F15-20A3-451C-8F37-E1E7A9648109}" = Kindergarten Success
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{46C89347-CC1B-4DF0-9412-51DEA478E2D8}" = Spelling Accelerator
"{4922F4B2-A62B-4CBF-A299-F3EA2C8C8827}" = Grade 5 Success
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A33BE502-F7EA-4063-95E2-FCBE5E9D6A0C}" = Grade 2 Success
"{A3F0BB90-3DC8-420A-8F3A-F807374438EB}" = Grade 4 Success
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AD654E84-D2D8-485E-903C-105A244C1D31}" = Grade 1 Success
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{AF1778C9-CC16-4aad-AF43-9A57429E7114}" = PS_SF_02_Software
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B48337F4-01EE-4502-869F-BA75816D367C}" = Grade 4 Success
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7213B87-1A16-4369-ABC5-FA8DF031BE84}" = Spelling Accelerator
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C6CF9A19-A3C2-459C-B695-4ED60A059C80}" = Grade 1 Success
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D006FCB7-91A1-4A7F-9CE3-7735D4E93DD4}" = LoJack for Laptops Notifier
"{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_Min
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D86A1D1E-0544-432D-AEFB-18E35F62C25B}" = Grade 2 Success
"{DB512317-7C87-4964-B7FC-F54D7EE728B0}" = Grade 3 Success
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E64EE45A-9A93-47B7-9B11-9A7AC0362C3D}" = Grade 3 Success
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{E7C08429-18BB-4760-8596-6327C7267431}" = D5300
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7D1443-A5FD-426C-8DDB-B4430E3944C6}" = Kindergarten Success
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB52D14B-505F-4e32-89FF-1234233301D2}" = PS_SF_02_ProductContext
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DFO" = DFOLauncher
"Download Manager" = Download Manager 2.3.8
"eTrust Suite Personal" = CA Internet Security Suite
"ffdshow_is1" = ffdshow [rev 1228] [2007-06-03]
"FlashGet" = FlashGet 1.9.6.1073
"FULL CLIENT8.0" = FULL CLIENT
"GOM Player" = GOM Player
"Google Desktop" = Google Desktop
"GooglePinyin" = Google Pinyin IME
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}" = CA Desktop DNA Migrator
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NJStar Chinese WP" = NJStar Chinese WP
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"QQMusic" = QQ音乐2009
"RealPlayer 12.0" = RealPlayer
"Rmtablet" = USB Tablet Manager
"SHARP AL-1500 1600CS Series PCL Printer Driver" = SHARP AL-1500/1600CS Series PCL Printer Driver
"Sharp Button Manager B" = Sharp Button Manager B
"Sharpdesk" = Sharpdesk
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TuxGuitar 1.1" = TuxGuitar
"TVAnts 1.0" = TVAnts 1.0
"VETWIN32Vp5" = CA Anti-Virus
"VLC media player" = VLC media player 0.9.8a
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2626349971-2234050652-3821861980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"Options 360™" = Options 360™

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2626349971-2234050652-3821861980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"Options 360™" = Options 360™

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2626349971-2234050652-3821861980-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"Options 360™" = Options 360™

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2010 1:11:24 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:11:24 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14836

Error - 8/14/2010 1:11:24 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14836

Error - 8/14/2010 1:11:25 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:11:25 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15834

Error - 8/14/2010 1:11:25 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15834

Error - 8/14/2010 1:11:26 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:11:26 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17254

Error - 8/14/2010 1:11:26 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17254

Error - 8/14/2010 1:11:27 AM | Computer Name = Xie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Broadcom Wireless LAN Events ]
Error - 2/14/2010 11:44:37 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 22:44:37, Sun, Feb 14, 10 Error - Unable to gain access to user store


Error - 3/3/2010 4:00:05 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 15:00:05, Wed, Mar 03, 10 Error - Unable to gain access to user store


Error - 3/8/2010 4:27:01 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 15:27:00, Mon, Mar 08, 10 Error - Unable to gain access to user store


Error - 3/29/2010 12:45:42 AM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 00:45:41, Mon, Mar 29, 10 Error - Unable to gain access to user store


Error - 4/7/2010 11:45:19 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 23:45:19, Wed, Apr 07, 10 Error - Unable to gain access to user store


Error - 5/26/2010 3:26:57 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 15:26:57, Wed, May 26, 10 Error - Unable to gain access to user store


Error - 7/2/2010 12:31:02 AM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 00:31:02, Fri, Jul 02, 10 Error - Unable to gain access to user store


Error - 7/6/2010 11:00:47 AM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 11:00:47, Tue, Jul 06, 10 Error - Unable to gain access to user store


Error - 8/8/2010 7:31:04 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 19:31:02, Sun, Aug 08, 10 Error - Unable to gain access to user store


Error - 8/8/2010 11:37:25 PM | Computer Name = Xie-PC | Source = WLAN-Tray | ID = 0
Description = 23:37:25, Sun, Aug 08, 10 Error - Unable to gain access to user store


[ OSession Events ]
Error - 2/17/2009 8:29:28 PM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/18/2009 12:20:02 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 10925 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/20/2009 12:31:28 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 22763 seconds with 600 seconds of active time. This session ended with a
crash.

Error - 2/23/2009 1:07:23 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 112111 seconds with 2280 seconds of active time. This session ended with
a crash.

Error - 2/24/2009 10:14:41 PM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 12050 seconds with 900 seconds of active time. This session ended with a
crash.

Error - 2/25/2009 3:26:58 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 10132 seconds with 4800 seconds of active time. This session ended with
a crash.

Error - 2/25/2009 3:32:36 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 235 seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/25/2009 10:01:22 PM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/28/2009 3:16:40 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7505
seconds with 240 seconds of active time. This session ended with a crash.

Error - 1/20/2010 12:51:24 AM | Computer Name = Xie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24622
seconds with 1200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/15/2010 12:20:54 AM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 12:20:54 AM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:49 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/15/2010 11:00:50 PM | Computer Name = Xie-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2010 10:15:57 AM | Computer Name = Xie-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >


#4 Blade (Site Admin, 12,791 posts)
Posted 16 August 2010 - 10:42 PM

Hello.

You're definitely still infected.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#5 xKitt (Topic Starter, 11 posts)
Posted 17 August 2010 - 11:09 AM

ComboFix 10-08-16.04 - Anne 08/17/2010 11:35:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1444 [GMT -4:00]
Running from: c:\users\Anne\Desktop\renamed.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\users\Anne\AppData\Roaming\DataSafeDotNet.exe
c:\users\Anne\AppData\Roaming\install.dat
c:\users\Public\Google
c:\users\Public\Google\Google Pinyin\10000.lib
c:\users\Public\Google\Google Pinyin\bihua.bin
c:\users\Public\Google\Google Pinyin\english.bin
c:\users\Public\Google\Google Pinyin\model.bin
c:\users\Public\Google\Google Pinyin\special.lib

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 15:48 . 2010-08-17 15:48 -------- d-----w- c:\users\Lucky Guest\AppData\Local\temp
2010-08-17 15:48 . 2010-08-17 15:48 -------- d-----w- c:\users\Eileen\AppData\Local\temp
2010-08-17 15:48 . 2010-08-17 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 22:38 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 22:38 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 22:38 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 22:38 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 22:38 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 22:38 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 22:38 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-09 21:57 . 2010-08-10 15:28 -------- d-----w- c:\users\Anne\AppData\Roaming\NeopleLauncherDFO
2010-08-08 22:12 . 2010-08-09 03:16 -------- d-----w- c:\users\Anne\AppData\Local\suukvutvy
2010-08-06 23:14 . 2010-08-06 23:14 -------- d-----w- c:\users\Anne\AppData\Local\Mozilla
2010-08-06 01:32 . 2010-08-06 04:19 -------- d-----w- c:\users\Anne\AppData\Local\efdgowdwx
2010-08-05 03:49 . 2010-08-05 03:49 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes
2010-08-05 03:49 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 03:49 . 2010-08-05 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 03:49 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 03:30 . 2010-08-05 03:21 363520 ----a-w- c:\temp\iExplore.exe
2010-08-05 02:55 . 2010-08-05 13:19 -------- d-----w- c:\users\Anne\AppData\Local\wsusdoifb
2010-08-01 13:13 . 2010-08-01 13:13 -------- d-----w- c:\users\Anne\AppData\Local\Absolute_Software
2010-07-26 20:25 . 2010-07-26 20:25 -------- d-----w- c:\program files\AIM
2010-07-26 20:24 . 2010-07-26 20:24 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-26 19:26 . 2010-07-26 19:26 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 14:32 . 2008-06-30 19:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-17 14:32 . 2008-06-27 02:05 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-12 07:25 . 2008-06-18 05:12 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-12 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-05 19:55 . 2008-09-14 20:47 -------- d-----w- c:\users\Anne\AppData\Roaming\gtk-2.0
2010-08-02 19:30 . 2009-09-23 03:57 -------- d-----w- c:\program files\Safari
2010-07-26 19:27 . 2008-08-11 17:36 -------- d-----w- c:\program files\iTunes
2010-07-26 19:26 . 2008-08-11 17:34 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 11:18 . 2009-06-17 18:18 680 ----a-w- c:\users\Anne\AppData\Local\d3d9caps.dat
2010-07-16 21:54 . 2010-07-16 21:54 -------- d-----w- c:\program files\Absolute Software
2010-07-16 21:54 . 2010-07-16 21:54 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52 . 2010-07-16 21:47 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52 . 2010-07-12 16:52 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-07-06 20:03 . 2009-10-14 01:17 -------- d-----w- c:\users\Anne\AppData\Roaming\CallingID
2010-07-02 01:59 . 2008-06-18 10:22 -------- d-----w- c:\program files\Common Files\Java
2010-07-02 01:58 . 2008-06-18 10:22 -------- d-----w- c:\program files\Java
2010-06-26 13:33 . 2010-06-26 13:33 -------- d-----w- c:\program files\Gpotato
2010-06-26 06:05 . 2010-08-11 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 22:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 22:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 03:54 . 2010-06-26 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-25 07:03 . 2008-08-11 19:12 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 13:14 . 2010-04-11 21:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-24 12:19 . 2010-06-24 16:22 53632 ----a-w- c:\users\Anne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-24 12:19 . 2010-04-11 21:20 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-21 22:10 . 2010-06-21 22:10 -------- d-----w- c:\program files\Bonjour
2010-06-21 13:37 . 2010-08-11 22:39 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16 . 2010-08-11 22:39 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-09 03:57 . 2009-10-14 01:16 91472 ----a-w- c:\windows\system32\isafprod.dll
2010-06-03 19:10 . 2009-10-14 01:16 746216 ----a-w- c:\windows\system32\drivers\vetefile.sys
2010-06-03 19:10 . 2009-10-14 01:16 130280 ----a-w- c:\windows\system32\drivers\veteboot.sys
2010-05-27 20:08 . 2010-08-11 22:39 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-09 04:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 04:14 . 2008-06-30 19:24 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-21 18:14 . 2009-10-14 01:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-06-18 10:26 . 2008-06-18 10:26 76 --sh--r- c:\windows\CT4CET.bin
2009-10-14 01:22 . 2009-10-14 01:15 204800 --sha-w- c:\windows\rnapxs\Rnapxs.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2004-03-06 28672]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-25 1103216]
"QQ2009"="c:\program files\Tencent\QQ2009\Bin\QQ.exe" [2010-04-07 144712]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-01 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"atwtusb"="atwtusb.exe" [2007-05-31 323232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-05-26 255472]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-10-14 181488]
"dvHighMem"="c:\windows\cfgmng32.exe" [2009-06-01 10940416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2010-06-09 230736]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-10-14 14088]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]

c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Button Manager B.lnk - c:\program files\Sharp\Button Manager B\btnman.exe [2008-9-25 106496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):88,65,3a,40,33,39,ca,01

R1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys [2006-06-06 22528]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c8ff243bc486e0;Google Update Service (gupdate1c8ff243bc486e0);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-01 30192]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-02 3623304]
R3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys [x]
R3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-04-03 18184]
R3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-04-03 175872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva202;XDva202;c:\windows\system32\XDva202.sys [x]
R3 XDva225;XDva225;c:\windows\system32\XDva225.sys [x]
R3 XDva257;XDva257;c:\windows\system32\XDva257.sys [x]
R3 XDva262;XDva262;c:\windows\system32\XDva262.sys [x]
R3 XDva270;XDva270;c:\windows\system32\XDva270.sys [x]
R3 XDva275;XDva275;c:\windows\system32\XDva275.sys [x]
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys [x]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva300;XDva300;c:\windows\system32\XDva300.sys [x]
R3 XDva310;XDva310;c:\windows\system32\XDva310.sys [x]
R3 XDva323;XDva323;c:\windows\system32\XDva323.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\System32\svcprs32.exe [2009-06-01 1400832]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2010-05-27 185680]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\CAAntiSpywareScan_Daily as Anne at 9 17 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-10-14 19:07]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-15 19:29]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-15 19:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tdameritrade.com/welcome1.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to QQ Customized Emoticons - c:\program files\Tencent\QQ\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send Picture with QQ MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: QQ - c:\program files\Tencent\QQ2009\Bin\AddEmotion.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: dacom.net
Trusted Zone: epaygen.co.kr
Trusted Zone: epaygen.com
Trusted Zone: hanabank.com
Trusted Zone: hyundaicard.com
Trusted Zone: inicis.com
Trusted Zone: internet
Trusted Zone: jbbank.co.kr
Trusted Zone: kjbank.com
Trusted Zone: lgcard.com
Trusted Zone: lottecard.co.kr
Trusted Zone: macromedia.com
Trusted Zone: mcafee.com
Trusted Zone: nprotect.net
Trusted Zone: samsungcard.co.kr
Trusted Zone: shinhancard.com
Trusted Zone: suhyup.co.kr
Trusted Zone: vpay.co.kr
Trusted Zone: yescard.co.kr
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hw8w6q6m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tdameritrade.com/welcome1.html
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.txt=
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1BE275B-78BF-4A33-81AB-380699CFF329} - (no file)
Toolbar-{B3535C18-0E70-4D4B-B36B-BBFE139BB144} - (no file)
WebBrowser-{B3535C18-0E70-4D4B-B36B-BBFE139BB144} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 11:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1504)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2010-08-17 11:58:45
ComboFix-quarantined-files.txt 2010-08-17 15:58

Pre-Run: 117,679,017,984 bytes free
Post-Run: 120,200,429,568 bytes free

- - End Of File - - 5AF06ACDA4B6E89D8F51315962E56100

Edited by xKitt, 17 August 2010 - 11:10 AM.


#6 Blade
    Strong in the Bleepforce
  • Site Admin
  • 12,791 posts
  • Gender:Male
  • Location:US

Posted 18 August 2010 - 08:44 AM

Hello xKitt.

I have a question before we proceed.
  • Did you meaningfully install Tencent QQ?

If you did not, please go to Add/Remove Programs and uninstall anything containing the terms Tencent or QQ.

Let me know, and we'll go from there.

~Blade

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#7 xKitt
  • Topic Starter
  • Members
  • 11 posts

Posted 18 August 2010 - 03:11 PM

Yes, I downloaded it on purpose about a year ago. I don't think the problem originated from there, though.
Tencent QQ is the most popular Chinese instant messenger, so maybe there's the Chinese government monitoring from it...

I'd rather not get rid of it until I find an alternative to communicating with my Chinese peers. Is that alright?

Also, does this mean that you can't find any more traces to the Antivir Solution Pro?

#8 Blade


Posted 19 August 2010 - 11:01 AM

QUOTE
I'd rather not get rid of it until I find an alternative to communicating with my Chinese peers. Is that alright?

Yes, that's perfectly alright. If you purposefully downloaded it then it's fine to use. No need to worry about finding a replacement for it. I only asked because recently there have been some cases of items related to QQ being downloaded without user knowledge.

QUOTE
Also, does this mean that you can't find any more traces to the Antivir Solution Pro?

We still have some work to do, but I wanted to address that first. I have to leave right now, but will respond again with further instructions tonight.

~Blade



#9 xKitt


Posted 21 August 2010 - 11:03 AM

Okay, thanks.
Forgot to reply to this, but figure that I might as well now ^^

#10 Blade


Posted 22 August 2010 - 06:16 AM

Yikes. . . . sorry about the delay.

Please download: DelDomains.inf
  • Locate DelDomains.inf, right-click and select: Install
  • Note: you will not see any on-screen action ...
  • This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
  • Note: once you do this, any previous restricted zone hacks (SpywareBlaster, IE-SpyAd, etc.) will need to be reapplied.

***************************************************

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=-

DDS::
uStart Page =
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer =

Firefox::
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hw8w6q6m.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -


Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade


In your next reply, please include the following:
ComboFix Log
How is the computer running now?

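The CFScript above blanks the Firefox proxy and start-page prefs that a rogue antivirus leaves behind so the browser stops routing through it. As an added example, not part of the thread or of ComboFix, here is a small Python checker that parses a prefs.js file and flags those same prefs; the sample prefs.js content, including the 127.0.0.1:5555 proxy, is constructed for the example.

```python
import re

# prefs.js entries look like: user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# The prefs the thread's CFScript blanks out. A rogue AV typically points the
# browser at a local proxy so it can block downloads and show its fake alerts.
WATCHED = {
    "browser.startup.homepage",
    "network.proxy.http",
    "network.proxy.http_port",
    "network.proxy.type",
}

def parse_prefs(text):
    """Turn prefs.js text into {name: value}; strings, bools and ints are decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def find_hijack_prefs(prefs):
    """Return (watched prefs present, True if a manual proxy points at localhost).
    network.proxy.type: 0 = no proxy, 1 = manual, 5 = use system settings."""
    findings = {k: v for k, v in prefs.items() if k in WATCHED}
    local_proxy = (
        findings.get("network.proxy.type") == 1
        and str(findings.get("network.proxy.http", "")) in ("127.0.0.1", "localhost")
    )
    return findings, local_proxy

# Constructed sample prefs.js content (made up for this example, not the thread's log).
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "http://example.invalid/landing");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5555);
user_pref("network.proxy.type", 1);
user_pref("dom.ipc.plugins.enabled", false);
'''
```

Run `find_hijack_prefs(parse_prefs(open(path).read()))` against a real profile's prefs.js; a manual proxy aimed at 127.0.0.1 on a machine that never configured one is the setting the CFScript's Firefox:: section removes.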


#11 xKitt


Posted 22 August 2010 - 07:11 PM

Sorry for the stupid question, but what should be right-clicked in order to find the Install option for DelDomains?

#12 Blade


Posted 22 August 2010 - 09:22 PM

Download the file to your Desktop, then right click it.



#13 xKitt


Posted 23 August 2010 - 08:59 AM

Can't really download or install anything if all I see is this. [see attached]
Am I missing something?

( Sorry for the delay again. )

Attached Files



#14 Blade


Posted 23 August 2010 - 09:49 AM

Ah, I see. Okay.

From the page you just showed me, click File > Save Page As. Save it to your desktop as deldomains.inf and then continue with the instructions above.

Let me know if that doesn't work.

~Blade



#15 xKitt


Posted 24 August 2010 - 12:37 PM

Worked as you said.
I just ran ComboFix about an hour ago, got the log up, but as I was putting CA Antispyware back up, I allowed it to restart the computer thinking that the program would let me restart the computer at a later time.
Checked the Qoobox folder, but couldn't find a log for today's scan.
Is the log on my computer somewhere, or should I run ComboFix again?

( Just recently, all of my running programs go unresponsive after a minute or two, and take about five minutes to get back to normal, including Windows Explorer and Windows Task Manager. Firefox was [Not Responding] three times while I typed this. I'm guessing that this is unrelated to ComboFix, but just making sure. )



