
Api.Mybrowserbar.com [Solved]


  • This topic is locked

#1 AgentXu (Member, 106 posts)
Alright, the problem I've been having is that my computer won't sleep or shut down when told to. Instead it restarts. Upon temporarily restoring that ability (by updating the driver, starting up Windows Vista in Diagnostic Mode, and disabling some files using Autoruns), my browser comes up with this api.mybrowserbar.com whenever I try to navigate anywhere.


When I restart the computer it goes away and my browser returns to normal; however, the ability to sleep/shut down goes away and instead causes the computer to restart. The computer is showing no other signs of infection I can detect. I was told to start a new thread here based on this:

http://www.threatexp...6a0f7e69c87714f

This is a Dell M1530 with Vista Home Premium SP2. I had assumed this was a problem with Vista so I started a thread Here. I've also battled extensively against a virus and won. That thread is Here.



Rootrepeal Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 14:07
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x90CE6000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9E9AD000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1184 Status: Locked to the Windows API!

==EOF==


Malwarebytes Report

Malwarebytes' Anti-Malware 1.39
Database version: 2481
Windows 6.0.6002 Service Pack 2

8/23/2009 2:06:01 PM
mbam-log-2009-08-23 (14-06-01).txt

Scan type: Quick Scan
Objects scanned: 76116
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Report

OTL logfile created on: 8/23/2009 2:10:37 PM - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Xu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.56% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 122.92 Gb Free Space | 43.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.98 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROXY
Current User Name: Xu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/08 14:34:10 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/04/16 23:05:52 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/09/20 15:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/24 18:02:44 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
PRC - [2009/07/02 15:22:16 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/02 15:22:16 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/02 15:22:16 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/06/16 16:26:31 | 01,320,288 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/29 15:11:32 | 00,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/07/26 14:40:41 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/09 20:10:54 | 00,970,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2007/05/10 01:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/24 18:02:42 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/08 14:34:40 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2009/07/02 15:22:16 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/07/02 13:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/03 14:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 19:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/02/22 17:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/20 19:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/04/16 22:55:00 | 00,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/20 19:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2007/05/22 14:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/06/06 16:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/21 13:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2009/05/18 22:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 10:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/07/14 17:34:22 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/08/04 17:56:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/23 14:00:42 | 00,472,064 | ---- | M] ( ) -- C:\Users\Xu\Downloads\RootRepeal.exe
PRC - [2009/08/23 14:09:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Xu\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/20 15:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/15 06:17:50 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2007/07/24 18:02:44 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 F1 1E EC 9E 23 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=867034&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 21:44:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/14 17:20:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/26 14:40:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 17:56:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 17:56:52 | 00,000,000 | ---D | M]

[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions
[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/22 20:14:44 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions
[2009/07/03 23:33:23 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/14 15:33:22 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\[email protected]
[2009/08/22 19:58:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/26 15:17:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009/08/04 17:56:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 14:14:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/17 10:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 15:52:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/26 15:17:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/04 17:56:37 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 17:56:37 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 17:56:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/26 14:40:51 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/26 14:41:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/07/26 14:40:48 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/04 17:56:43 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/04 17:56:43 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/04 17:56:43 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/04 17:56:43 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/04 17:56:43 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/04 17:56:43 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/22 19:49:01 | 00,000,865 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.29 24.113.32.30 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/21 17:35:23 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/21 09:40:43 | 00,000,000 | ---D | C] -- C:\Windows\Temp
[2009/08/21 08:20:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\Auslogics
[2009/08/21 08:20:01 | 00,000,943 | ---- | C] () -- C:\Users\Xu\Desktop\Auslogics Disk Defrag.lnk
[2009/08/21 08:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/08/20 23:03:28 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/20 19:18:06 | 00,004,608 | ---- | C] () -- C:\Users\Xu\Desktop\w9xpopen.exe
[2009/08/20 19:18:04 | 01,867,776 | ---- | C] () -- C:\Users\Xu\Desktop\python24.dll
[2009/08/20 19:18:04 | 00,013,824 | ---- | C] () -- C:\Users\Xu\Desktop\ogmtoavi.exe
[2009/08/20 19:18:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\vorbistools
[2009/08/20 19:18:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\source
[2009/08/20 19:18:02 | 00,275,668 | ---- | C] () -- C:\Users\Xu\Desktop\library.zip
[2009/08/20 19:18:02 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\OGMDemuxer
[2009/08/20 19:18:00 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\besweet
[2009/08/20 19:18:00 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\AVImux
[2009/08/19 10:46:24 | 00,744,740 | ---- | C] () -- C:\Windows\System32\oem16.inf
[2009/08/19 10:35:46 | 00,001,243 | ---- | C] () -- C:\Users\Xu\Documents\instruction.rtf
[2009/08/18 16:15:13 | 00,000,412 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
[2009/08/18 15:34:06 | 00,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2009/08/18 15:34:06 | 00,001,815 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2009/08/18 15:34:06 | 00,001,030 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/08/16 02:58:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009/08/16 02:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/08/16 02:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/15 08:40:20 | 02,414,012 | -H-- | C] () -- C:\Users\Xu\AppData\Local\IconCache.db
[2009/08/15 08:07:25 | 00,022,729 | ---- | C] () -- C:\newkey
[2009/08/15 08:07:25 | 00,022,729 | ---- | C] () -- C:\newfile.enc
[2009/08/15 08:00:45 | 56,396,264 | ---- | C] () -- C:\Users\Xu\Desktop\Dell_multi-device_A17_R174292.exe
[2009/08/15 07:40:01 | 37,560,64768 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/15 07:23:50 | 55,353,248 | ---- | C] () -- C:\Users\Xu\Desktop\R200183.EXE
[2009/08/15 06:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/08/14 00:41:31 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\ZSNES
[2009/08/13 23:27:51 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/13 23:16:14 | 00,031,586 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/13 23:15:35 | 00,031,586 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/12 10:47:07 | 00,027,050 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\nvModes.001
[2009/08/12 10:43:29 | 00,027,050 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\nvModes.dat
[2009/08/12 10:12:04 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/08/12 08:32:26 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\NCSoft
[2009/08/12 01:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\City of Heroes

========== Files - Modified Within 14 Days ==========

[2009/08/23 14:08:59 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
[2009/08/23 14:03:23 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/23 14:03:23 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/23 08:16:30 | 40,101,936 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/22 20:05:11 | 00,031,586 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/22 20:03:46 | 00,031,586 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/22 20:03:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/22 20:03:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/22 20:03:22 | 37,560,64768 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/22 18:46:40 | 00,098,304 | ---- | M] () -- C:\Users\Xu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 19:47:24 | 00,001,356 | ---- | M] () -- C:\Users\Xu\AppData\Local\d3d9caps.dat
[2009/08/21 18:51:54 | 00,068,001 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/21 17:54:42 | 02,414,012 | -H-- | M] () -- C:\Users\Xu\AppData\Local\IconCache.db
[2009/08/21 08:20:01 | 00,000,943 | ---- | M] () -- C:\Users\Xu\Desktop\Auslogics Disk Defrag.lnk
[2009/08/19 10:35:46 | 00,001,243 | ---- | M] () -- C:\Users\Xu\Documents\instruction.rtf
[2009/08/18 05:30:17 | 00,022,729 | ---- | M] () -- C:\newkey
[2009/08/18 05:30:17 | 00,022,729 | ---- | M] () -- C:\newfile.enc
[2009/08/15 08:06:48 | 56,396,264 | ---- | M] () -- C:\Users\Xu\Desktop\Dell_multi-device_A17_R174292.exe
[2009/08/15 07:24:46 | 55,353,248 | ---- | M] () -- C:\Users\Xu\Desktop\R200183.EXE
[2009/08/13 23:51:02 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/08/13 23:32:08 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/13 23:32:08 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/13 23:32:08 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/13 23:03:13 | 00,027,050 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\nvModes.001
[2009/08/12 19:12:20 | 00,027,050 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\nvModes.dat

========== LOP Check ==========

[2009/08/21 08:20:04 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming
[2009/07/14 19:59:15 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\acccore
[2009/08/21 08:20:04 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\Auslogics
[2009/07/03 06:30:51 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\Dell
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\Media Center Programs
[2009/07/15 14:14:04 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\OpenOffice.org
[2009/07/02 13:31:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\TMP
[2009/08/23 14:10:55 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\uTorrent
[2009/08/22 20:03:27 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/21 17:59:11 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/23 14:08:59 | 00,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >



A.X.

Edited by AgentXu, 23 August 2009 - 03:27 PM.


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again

Welcome back to the Malware Forum.

I see you have some additions to the OTL log that weren't there in your last logs when we met earlier this month.

These are regarded as foistware; they come bundled with adware.

Let's see what we can do about them.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    
    :OTL
    IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
    
    :Files
    C:\Program Files\Search Settings
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you come back please post
  • OTL fix log
  • OTL scan results

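Before pasting a fix like the one above, it helps to see why those particular lines get picked out of a log this long. The script below is an added example for this thread; it is not OTL's own code and was not posted by either participant. It parses the OTL line shapes that appear in these logs (IE URLSearchHook, O2 BHO, O3 Toolbar, O4 Run, and the PRC/SRV/DRV process, service and driver lines) and flags an entry when its publisher field is empty, when the publisher is on a watch list, or when the file loads from a user-writable folder. The watch list (only "Spigot, Inc.", the vendor on the entries the fix removes) and the directory fragments are assumptions made for the example; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field

# Assumed watch list for this example: the only vendor on it is the one named
# on the URLSearchHook/BHO/Toolbar/Run entries the fix script above removes.
WATCHLIST_PUBLISHERS = {"spigot, inc."}

# Directory fragments an ordinary user can write to (assumed set). A driver,
# service or browser hook loading from here deserves a second look.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

# Browser persistence points, in the form OTL prints them:
#   IE - URLSearchHook: {CLSID} - C:\path\x.dll (Publisher)
#   O2 - BHO: (Name) - {CLSID} - C:\path\x.dll (Publisher)
#   O3 - HKLM\..\Toolbar: (Name) - {CLSID} - C:\path\x.dll (Publisher)
#   O4 - HKLM..\Run: [Value] C:\path\x.exe (Publisher)
# Paths containing parentheses (e.g. "Program Files (x86)") are not handled.
HOOK_RE = re.compile(
    r"^(?P<kind>IE - URLSearchHook|O2 - BHO|O3 - HKLM\\\.\.\\Toolbar|O4 - HKLM\.\.\\Run)"
    r".*?(?P<path>[A-Za-z]:\\[^()]+?)\s*\((?P<publisher>[^)]*)\)\s*$"
)

# Processes, services and drivers:
#   PRC - [date | size | attrs | M] (Publisher) -- C:\path\x.exe
#   SRV - [...] (Publisher) -- C:\path\x.exe -- (svcname [Start | State])
MODULE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<publisher>[^)]*)\) -- "
    r"(?P<path>.+?)(?: -- \(.*\))?\s*$"
)


@dataclass
class Finding:
    kind: str
    path: str
    publisher: str
    raw: str                       # original log line, reusable under :OTL
    reasons: list = field(default_factory=list)


def classify(line: str):
    """Parse one OTL line; return a Finding if a heuristic trips, else None."""
    m = HOOK_RE.match(line) or MODULE_RE.match(line)
    if not m:
        return None
    f = Finding(m["kind"], m["path"].strip(), m["publisher"].strip(), line.rstrip())
    if not f.publisher:
        f.reasons.append("no publisher in file version info")
    elif f.publisher.lower() in WATCHLIST_PUBLISHERS:
        f.reasons.append("publisher on foistware watch list")
    if any(frag in f.path.lower() for frag in USER_WRITABLE):
        f.reasons.append("loads from a user-writable location")
    return f if f.reasons else None


def triage(log_text: str) -> list:
    """Findings for every line of an OTL log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Sample input: six lines copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
SRV - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
DRV - [2009/07/25 15:34:05 | 00,044,288 | ---- | M] () -- C:\Users\Xu\Desktop\SysProtDrv.sys -- (SysProtDrv.sys [On_Demand | Stopped])
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flag is a reason to look, not a verdict: the DRV line for SysProtDrv.sys on the Desktop trips two heuristics, and OTL.exe itself, run from the same Desktop, would trip one. The AVG service is signed by a known vendor and loads from Program Files, so it drops out. The raw line is kept on each finding because an OTL fix, as in the :OTL block above, is assembled from the log lines themselves; what goes into it is still the helper's call.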

#3
AgentXu

    Member

  • Topic Starter
  • Member
  • 106 posts
Hello again, old friend! I have to say I'm glad to see a familiar face on the case :) Foistware, eh? Seems there's no limit to the number of ways I can screw up this machine :) Alright, here we go.

OTL Run Fix Log

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\Search Settings\kb128\SearchSettings.dll unregistered successfully.
C:\Program Files\Search Settings\kb128\SearchSettings.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll NOT unregistered.
C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb128\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Search Settings\SearchSettings.exe moved successfully.
========== FILES ==========
C:\Program Files\Search Settings\kb128\temp moved successfully.
C:\Program Files\Search Settings\kb128\res moved successfully.
C:\Program Files\Search Settings\kb128 moved successfully.
C:\Program Files\Search Settings moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Public

User: Xu
->Temp folder emptied: 74384037 bytes
->Temporary Internet Files folder emptied: 2770487 bytes
->Java cache emptied: 129296 bytes
->FireFox cache emptied: 52573217 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1374 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 123.84 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.10.7 log created on 08242009_000129

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Log After Reboot

OTL logfile created on: 24/08/2009 12:07:31 AM - Run 4
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Xu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 121.38 Gb Free Space | 42.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.98 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROXY
Current User Name: Xu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/08 14:34:10 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/04/16 23:05:52 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/09/20 15:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/24 18:02:44 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
PRC - [2009/07/02 15:22:16 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/02 15:22:16 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/02 15:22:16 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/06/16 16:26:31 | 01,320,288 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/01/20 19:23:41 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
PRC - [2009/01/29 15:11:32 | 00,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/07/26 14:40:41 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/10 01:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/16 22:55:00 | 00,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/07/24 18:02:42 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/08 14:34:40 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2009/07/02 15:22:16 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/07/02 13:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/03 14:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 19:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 19:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/02/22 17:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007/05/22 14:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/20 19:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2007/06/06 16:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/08/04 17:56:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/23 14:09:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Xu\Desktop\OTL.exe
PRC - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/20 15:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/15 06:17:50 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2007/07/24 18:02:44 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 19:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 19:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/06/25 18:53:10 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/01/20 19:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/07/19 08:40:25 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/02 15:22:20 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/02 15:22:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2007/12/06 21:52:48 | 01,044,984 | ---- | M] (Broadcom Corp.) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/20 19:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/02/17 10:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008/01/20 19:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/20 19:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/04/25 12:17:36 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2009/05/27 16:04:00 | 09,850,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 19:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/10/11 01:03:00 | 00,235,648 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DRIVERS\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
DRV - [2007/03/05 18:45:04 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
DRV - [2008/01/20 19:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/02/15 18:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/07/30 10:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/07/30 11:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 19:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/02/15 18:27:02 | 00,330,752 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2009/07/25 15:34:05 | 00,044,288 | ---- | M] () -- C:\Users\Xu\Desktop\SysProtDrv.sys -- (SysProtDrv.sys [On_Demand | Stopped])
DRV - [2007/09/10 16:50:02 | 00,047,120 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2008/01/20 19:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/04/08 05:47:33 | 00,029,696 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\DRIVERS\VClone.sys -- (VClone [On_Demand | Running])
DRV - [2008/01/20 19:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/12/06 09:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 F1 1E EC 9E 23 CA 01 [binary data]
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=867034&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 21:44:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/14 17:20:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/26 14:40:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 17:56:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 17:56:52 | 00,000,000 | ---D | M]

[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions
[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/23 21:23:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions
[2009/07/03 23:33:23 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/14 15:33:22 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\[email protected]
[2009/08/22 19:58:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/26 15:17:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009/08/04 17:56:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 14:14:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/17 10:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 15:52:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/26 15:17:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/04 17:56:37 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 17:56:37 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 17:56:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/26 14:40:51 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/26 14:41:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/07/26 14:40:48 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/04 17:56:43 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/04 17:56:43 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/04 17:56:43 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/04 17:56:43 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/04 17:56:43 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/04 17:56:43 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/22 19:49:01 | 00,000,865 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3053924517-2714169248-3537610253-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.29 24.113.32.30 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/24 00:01:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/23 17:42:21 | 00,061,440 | ---- | C] ( ) -- C:\Users\Xu\Desktop\VEW.exe
[2009/08/23 14:09:11 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Xu\Desktop\OTL.exe
[2009/08/21 17:35:23 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/21 09:40:43 | 00,000,000 | ---D | C] -- C:\Windows\Temp
[2009/08/21 08:20:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\Auslogics
[2009/08/21 08:20:01 | 00,000,943 | ---- | C] () -- C:\Users\Xu\Desktop\Auslogics Disk Defrag.lnk
[2009/08/21 08:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/08/20 23:03:28 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/20 19:18:06 | 00,004,608 | ---- | C] () -- C:\Users\Xu\Desktop\w9xpopen.exe
[2009/08/20 19:18:04 | 01,867,776 | ---- | C] () -- C:\Users\Xu\Desktop\python24.dll
[2009/08/20 19:18:04 | 00,013,824 | ---- | C] () -- C:\Users\Xu\Desktop\ogmtoavi.exe
[2009/08/20 19:18:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\vorbistools
[2009/08/20 19:18:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\source
[2009/08/20 19:18:02 | 00,275,668 | ---- | C] () -- C:\Users\Xu\Desktop\library.zip
[2009/08/20 19:18:02 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\OGMDemuxer
[2009/08/20 19:18:00 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\besweet
[2009/08/20 19:18:00 | 00,000,000 | ---D | C] -- C:\Users\Xu\Desktop\AVImux
[2009/08/19 10:46:24 | 00,744,740 | ---- | C] () -- C:\Windows\System32\oem16.inf
[2009/08/19 10:35:46 | 00,001,243 | ---- | C] () -- C:\Users\Xu\Documents\instruction.rtf
[2009/08/18 16:15:13 | 00,000,412 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
[2009/08/18 15:34:06 | 00,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2009/08/18 15:34:06 | 00,001,815 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2009/08/18 15:34:06 | 00,001,030 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/08/16 02:58:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009/08/16 02:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/08/16 02:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/15 08:40:20 | 02,414,012 | -H-- | C] () -- C:\Users\Xu\AppData\Local\IconCache.db
[2009/08/15 08:07:25 | 00,022,729 | ---- | C] () -- C:\newkey
[2009/08/15 08:07:25 | 00,022,729 | ---- | C] () -- C:\newfile.enc
[2009/08/15 08:00:45 | 56,396,264 | ---- | C] () -- C:\Users\Xu\Desktop\Dell_multi-device_A17_R174292.exe
[2009/08/15 07:40:01 | 37,560,64768 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/15 07:23:50 | 55,353,248 | ---- | C] () -- C:\Users\Xu\Desktop\R200183.EXE
[2009/08/15 06:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/08/14 00:41:31 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\ZSNES
[2009/08/13 23:27:54 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/13 23:27:53 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/13 23:27:53 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/13 23:27:53 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/13 23:27:52 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/13 23:27:52 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/13 23:27:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/13 23:27:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/13 23:27:51 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/13 23:27:51 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/13 23:27:51 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/13 23:27:51 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/13 23:27:51 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/13 23:27:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/13 23:27:50 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/13 23:27:50 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/13 23:27:50 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/13 23:27:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/13 23:27:49 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/13 23:27:48 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/13 23:27:47 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/13 23:26:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/13 23:26:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/13 23:26:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/13 23:26:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/13 23:26:19 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/13 23:26:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/13 23:26:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/13 23:26:18 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/13 23:26:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/13 23:26:18 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/13 23:26:18 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/13 23:26:17 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/13 23:26:17 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/13 23:26:17 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/13 23:26:17 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/13 23:26:17 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/13 23:26:16 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/13 23:26:16 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/13 23:26:16 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/13 23:26:16 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/13 23:26:15 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/13 23:26:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/13 23:26:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/13 23:26:14 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/13 23:26:14 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/13 23:26:14 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/13 23:26:13 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/13 23:26:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/13 23:26:12 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/13 23:26:12 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/13 23:26:12 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/13 23:26:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/13 23:26:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/13 23:26:12 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/13 23:25:24 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/13 23:25:24 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/13 23:25:24 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/13 23:25:24 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/13 23:25:23 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/13 23:25:23 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/13 23:25:23 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/13 23:25:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 23:24:43 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/13 23:24:42 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 23:24:38 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/13 23:23:46 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 23:23:38 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/13 23:23:36 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/13 23:23:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/13 23:23:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/13 23:23:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/13 23:23:35 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/13 23:23:27 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/13 23:23:27 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/13 23:16:14 | 00,031,586 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/13 23:15:35 | 00,031,586 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/12 10:47:07 | 00,027,050 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\nvModes.001
[2009/08/12 10:43:29 | 00,027,050 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\nvModes.dat
[2009/08/12 10:12:04 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/08/12 08:32:26 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\NCSoft
[2009/08/12 01:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\City of Heroes
[2009/08/06 01:57:25 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\SimCity 4
[2009/08/06 01:47:48 | 00,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2009/08/06 01:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\Maxis
[2009/08/04 18:07:50 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\Voice Recordings
[2009/08/04 15:52:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/04 15:52:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/04 15:52:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/28 02:47:49 | 00,000,945 | ---- | C] () -- C:\Users\Xu\Desktop\Launch Internet Explorer Browser.lnk
[2009/07/27 17:04:21 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/27 17:03:56 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/27 17:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/26 15:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2009/07/26 15:17:25 | 00,299,008 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
[2009/07/26 15:17:22 | 00,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2009/07/26 15:17:22 | 00,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2009/07/26 15:17:22 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2009/07/26 15:17:22 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2009/07/26 15:17:22 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX
[2009/07/26 15:17:21 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2009/07/26 15:17:21 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2009/07/26 15:17:21 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2009/07/26 15:17:21 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2009/07/26 15:17:21 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL
[2009/07/26 15:17:21 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2009/07/26 14:40:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/07/26 14:40:57 | 00,001,039 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/07/26 14:40:51 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/07/26 14:40:45 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/07/26 14:40:45 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/07/26 14:40:44 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/07/26 14:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/07/26 14:40:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/07/26 14:40:30 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\Real
[2009/07/25 18:22:14 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\temp
[2009/07/25 15:34:05 | 00,044,288 | ---- | C] () -- C:\Users\Xu\Desktop\SysProtDrv.sys
[2009/07/17 20:50:36 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/02 13:24:46 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/08/24 00:09:53 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
[2009/08/24 00:06:22 | 00,031,586 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/24 00:05:04 | 00,031,586 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/24 00:04:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/24 00:04:48 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/24 00:04:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/24 00:04:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/24 00:04:39 | 37,560,64768 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/24 00:03:26 | 00,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2009/08/23 18:38:25 | 40,111,326 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/23 18:38:25 | 00,068,038 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/23 17:42:21 | 00,061,440 | ---- | M] ( ) -- C:\Users\Xu\Desktop\VEW.exe
[2009/08/23 14:09:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Xu\Desktop\OTL.exe
[2009/08/22 18:46:40 | 00,098,304 | ---- | M] () -- C:\Users\Xu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 19:47:24 | 00,001,356 | ---- | M] () -- C:\Users\Xu\AppData\Local\d3d9caps.dat
[2009/08/21 17:54:42 | 02,414,012 | -H-- | M] () -- C:\Users\Xu\AppData\Local\IconCache.db
[2009/08/21 08:20:01 | 00,000,943 | ---- | M] () -- C:\Users\Xu\Desktop\Auslogics Disk Defrag.lnk
[2009/08/19 10:35:46 | 00,001,243 | ---- | M] () -- C:\Users\Xu\Documents\instruction.rtf
[2009/08/18 05:30:17 | 00,022,729 | ---- | M] () -- C:\newkey
[2009/08/18 05:30:17 | 00,022,729 | ---- | M] () -- C:\newfile.enc
[2009/08/15 08:06:48 | 56,396,264 | ---- | M] () -- C:\Users\Xu\Desktop\Dell_multi-device_A17_R174292.exe
[2009/08/15 07:24:46 | 55,353,248 | ---- | M] () -- C:\Users\Xu\Desktop\R200183.EXE
[2009/08/13 23:51:02 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/08/13 23:32:08 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/13 23:32:08 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/13 23:32:08 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/13 23:03:13 | 00,027,050 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\nvModes.001
[2009/08/12 19:12:20 | 00,027,050 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\nvModes.dat
[2009/08/06 01:47:48 | 00,000,532 | ---- | M] () -- C:\Windows\eReg.dat
[2009/07/29 17:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/28 02:47:49 | 00,000,945 | ---- | M] () -- C:\Users\Xu\Desktop\Launch Internet Explorer Browser.lnk
[2009/07/27 17:04:21 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/26 14:40:57 | 00,001,039 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/07/26 14:40:51 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/07/26 14:40:45 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/07/26 14:40:45 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/07/26 14:40:44 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/07/25 18:13:24 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/07/25 15:34:05 | 00,044,288 | ---- | M] () -- C:\Users\Xu\Desktop\SysProtDrv.sys
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
< End of report >




A.X.
  • 0
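A small triage helper for the OTL "Files - Created Within 30 Days" listing above. This is an added example, not OTL's own code or anything posted in the thread: it parses OTL's bracketed line format, flags files dropped into System32 whose version-info company is blank or not on a vendor allowlist (the allowlist and the sample subset of log lines are this example's own choices), and groups entries written within seconds of each other, which is how the Dealio Toolbar folder, TubeFinder.exe and the bare .ocx files in the log show up as one installer bundle.

```python
import re
from datetime import datetime, timedelta

# One OTL "Files - Created/Modified Within 30 Days" line looks like:
# [2009/07/26 15:17:25 | 00,299,008 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
# Fields: timestamp | size | attributes (D = directory) | C(reated) or M(odified)
# The parenthesised company comes from the file's version info; directories have none.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2009/08/12 10:12:04 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/08/04 15:52:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/26 15:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2009/07/26 15:17:25 | 00,299,008 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
[2009/07/26 15:17:22 | 00,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2009/07/26 15:17:22 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2009/07/26 15:17:21 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
"""

# Vendors whose files are expected in System32 on this machine. This is an
# example allowlist chosen for the sample, not something OTL ships.
TRUSTED_VENDORS = {"Microsoft Corporation", "Sun Microsystems, Inc."}


def parse_otl(text):
    """Parse OTL file lines into dicts; lines that are not file entries are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],
            "company": (m["company"] or "").strip(),
            "path": m["path"],
        })
    return entries


def untrusted_system32(entries, trusted=TRUSTED_VENDORS):
    """Files written into System32 whose company field is blank or not allowlisted.

    A blank company means the binary carries no vendor in its version info, which
    genuine Windows system files practically always have, so those are the first
    entries to look up (TubeFinder.exe and the bare .ocx files in the log above).
    """
    return [
        e["path"] for e in entries
        if not e["is_dir"]
        and e["path"].lower().startswith("c:\\windows\\system32\\")
        and e["company"] not in trusted
    ]


def install_bursts(entries, window=timedelta(seconds=60), min_items=3):
    """Group entries whose timestamps are within `window` of their neighbour.

    Bundled installers drop the toolbar folder, helper EXEs and runtime DLLs within
    seconds of one another, so one burst that mixes a toolbar directory with
    unsigned System32 files is a single install event to review as a whole.
    """
    ordered = sorted(entries, key=lambda e: e["ts"])
    bursts, current = [], []
    for e in ordered:
        if current and e["ts"] - current[-1]["ts"] > window:
            if len(current) >= min_items:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_items:
        bursts.append(current)
    return [[e["path"] for e in b] for b in bursts]


if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG)
    print("Untrusted System32 drops:", untrusted_system32(entries))
    for burst in install_bursts(entries):
        print("Install burst:", burst)
```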

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again AgentXu,

Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D < here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 2 (Fix)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)
  • 0

#5
AgentXu

AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Here we are,

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU T5750 @ 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
USER : Xu ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:285 Go (Free:121 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 24/08/2009| 0:54 )

[ UAC => 1 ]

-----------\\ FIX

Deleted! - C:\Program Files\Mozilla Firefox\extensions\[email protected]

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft...ie&ar=iesearch"
"Start Page"="http://go.microsoft..../?LinkId=69157"
"Start Page Redirect Cache"="http://www.msn.com/"
"Url"="http://go.microsoft..../?LinkId=44406"
"Url"="http://go.microsoft..../?LinkId=68928"
"Url"="http://go.microsoft..../?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Xu\AppData\Roaming\uTorrent\SimCity 4 Deluxe + Crack.torrent
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks
C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4.iso
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Beyond the sword.iso
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Civ4BeyondTheSwordPatch3.13.exe
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Warlords.iso
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\ReadMeFirst!! Installation Instructions - CorbeTTCajun.txt
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\For Health & Prosperity Click Here!.url
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\God's Yellow Pages.url
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\MannaTech.url
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\Work From Home!.url
C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\Crack
C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\~uTorrentPartFile_4FA359F1.dat
C:\Users\Xu\Music\iTunes\iTunes Music\Tracy Bonham\Tracy Bonham - Burdens of Being Upright\05 Brain Crack.mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 24/08/2009| 0:54 - Option : [2]

-----------\\ Scan completed at 0:54:53.66
  • 0
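The "[..\Internet Explorer\Main]" section of the ToolBar S&D log above is where a browser hijacker such as the api.mybrowserbar.com redirect would show up as a rewritten Start or Search page. As an added example (not ToolBar S&D's code), this parses that REG-export style dump and flags watched values whose hostname is off an allowlist; the allowlist and the sample dump, including the made-up hijacked Start Page value, are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Hosts the stock Vista/IE7 Start and Search pages point at, as seen in the
# HKLM values of the ToolBar S&D output above. Example allowlist for this
# snippet, not a ToolBar S&D feature.
TRUSTED_HOSTS = {"www.msn.com", "go.microsoft.com", "www.microsoft.com"}

# Values under ...\Internet Explorer\Main that hijackers commonly rewrite.
WATCHED_VALUES = {"Start Page", "Search Page", "Default_Page_URL",
                  "Default_Search_URL", "Local Page", "Url"}

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')

# Constructed sample in the same layout as the ToolBar S&D section above.
# The api.mybrowserbar.com "Start Page" is made up to produce a hit; the other
# values follow the log's defaults, written out without the forum's truncation.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://api.mybrowserbar.com/"
"Start Page Redirect Cache"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://go.microsoft.com/"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"""


def parse_registry_dump(text):
    """Yield (key, value_name, value) from REG-export style text.

    Backslashes are doubled in exported string values, so they are unescaped here.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_LINE.match(line)
        if vm and key:
            yield key, vm["name"], vm["value"].replace("\\\\", "\\")


def classify(value):
    """('url', hostname) for http(s) values, ('local', path) for anything else."""
    if value.lower().startswith(("http://", "https://")):
        return "url", (urlparse(value).hostname or "").lower()
    return "local", value


def find_hijacked(text, trusted_hosts=TRUSTED_HOSTS):
    """Return (key, name, target) for watched values that point off the allowlist.

    URL values are judged by hostname so a long query string cannot disguise the
    destination; local values are accepted only when they are the blank.htm
    page that both keys point at in the log above.
    """
    flagged = []
    for key, name, value in parse_registry_dump(text):
        if name not in WATCHED_VALUES:
            continue
        kind, target = classify(value)
        if kind == "url" and target not in trusted_hosts:
            flagged.append((key, name, target))
        elif kind == "local" and not target.lower().endswith("\\blank.htm"):
            flagged.append((key, name, target))
    return flagged


if __name__ == "__main__":
    for key, name, target in find_hijacked(SAMPLE_DUMP):
        print(f"{key}\n  {name} -> {target}")
```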

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AgentXu,

Cracks and keygens inevitably lead to infection.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    
    :Files
    C:\Users\Xu\AppData\Roaming\uTorrent\SimCity 4 Deluxe + Crack.torrent
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks
    C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4.iso
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Beyond the sword.iso
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Civ4BeyondTheSwordPatch3.13.exe
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Warlords.iso
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\ReadMeFirst!! Installation Instructions - CorbeTTCajun.txt
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\For Health & Prosperity Click Here!.url
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\God's Yellow Pages.url
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\MannaTech.url
    C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\Work From Home!.url
    C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\Crack
    C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\~uTorrentPartFile_4FA359F1.dat
    C:\Users\Xu\Music\iTunes\iTunes Music\Tracy Bonham\Tracy Bonham - Burdens of Being Upright\05 Brain Crack.mp3
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you come back please post
  • OTL fix results
  • Kaspersky scan results
  • and tell me how your computer is now

  • 0

#7
AgentXu

AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
OTL Log

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Users\Xu\AppData\Roaming\uTorrent\SimCity 4 Deluxe + Crack.torrent moved successfully.
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun moved successfully.
C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks moved successfully.
C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\Crack moved successfully.
C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack moved successfully.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4.iso not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Beyond the sword.iso not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Civ4BeyondTheSwordPatch3.13.exe not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\CIV4Warlords.iso not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\ReadMeFirst!! Installation Instructions - CorbeTTCajun.txt not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\For Health & Prosperity Click Here!.url not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\God's Yellow Pages.url not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\MannaTech.url not found.
File\Folder C:\Users\Xu\Downloads\Games\Sid Meier's Civilization IV v1.74 + Warlords v2.13 + Beyond the Sword v3.13 + NoCD Cracks\Support My Efforts- CorbeTTCajun\Work From Home!.url not found.
File\Folder C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\Crack not found.
File\Folder C:\Users\Xu\Downloads\Games\SimCity 4 Deluxe + Crack\~uTorrentPartFile_4FA359F1.dat not found.
C:\Users\Xu\Music\iTunes\iTunes Music\Tracy Bonham\Tracy Bonham - Burdens of Being Upright\05 Brain Crack.mp3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Public

User: Xu
->Temp folder emptied: 181355 bytes
->Temporary Internet Files folder emptied: 247150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29670250 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 632 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.71 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08242009_011309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Kaspersky Report

Monday, August 24, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 24, 2009 10:46:16
Records in database: 2683258
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 161292
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:19:09

No threats found. Scanned area is clean.
Selected area has been scanned.

My Report

Well, the computer went to sleep and shut down without re-starting immediately after completing these steps. There was a distinctive "CLICK" when the computer went to sleep that is not present when the original problem is present and the computer re-starts. As for the api.mybrowserbar.com, it isn't showing up after the computer went to sleep and woke up again the way it has in the past. Whether or not that means we've beaten any malware I might have had, I'm not sure, but whatever the case it isn't present now. I'm still reticent to say the problem (sleep/shutdown) is solved, so I'll give it a few hours and then I'll give a second report.


A.X.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I'll give it a few hours and then I'll give a second report.


Good idea.

It's looking pretty clean now.

Keep away from those attractive toolbars :)

Look forward to hearing how you get on. :)
  • 0

#9
AgentXu

AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
As I suspected...

I waited for a few hours, turned the computer off, and then re-started it. I waited for everything to boot up and then put the computer to sleep. It didn't go to sleep, it re-started.

So unless you think there's something else malware related we might check for I guess I'll go back to the vista forum?


A.X.
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... it bothers me that it seemed to be okay and then it went back to its bad habits.

Might be a tech problem but let's just make sure nothing is regenerating there.

Please download and save SysProt AntiRootkit to your Desktop.

  • double click the Zip file.
  • You should now have a folder with SysProt and some other files within it on your Desktop.
  • Double-click SysProt and you should see another small window with SysProt underneath it.
  • Double-click this and Wizard will appear to guide you through extracting the files.
  • Double-click the Sysprot folder
  • SysProt will appear with a red cross on black - double-click
  • a panel will appear with a number of tabs along the top
  • click on the Log tab and check all boxes except the one Hidden objects only
  • click the Create Log button
  • it will scan...once finished a panel will appear
  • click on Scan all drives
  • A log will be created and saved automatically in the same folder.
  • Open the text file, then copy and paste the contents back here in the forum. Close any panels left open.
Next

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic, ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you come back please post
  • SysProt report
  • ComboFix.txt

  • 0

#11
AgentXu

AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
That the problem re-spawns after turning off is sort of a concern. I tried sleeping/shutting the computer down immediately after I did all of these things and it re-started the computer.


SysProtLog

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 640
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 692
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 704
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 748
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 756
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 900
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 944
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1060
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1084
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\DellDock\DockLogin.exe
PID: 1328
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 1388
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1452
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 1648
Hidden: No
Window Visible: No

Name: C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRYSVC.EXE
PID: 1732
Hidden: No
Window Visible: No

Name: C:\Windows\System32\BCMWLTRY.EXE
PID: 1760
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wlanext.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 212
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PID: 1916
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1976
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 596
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 884
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2080
Hidden: No
Window Visible: No

Name: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PID: 2200
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe
PID: 2356
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2364
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2608
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2652
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 2820
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 2988
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 3272
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 3528
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 3584
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 3660
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\DellDock\DellDock.exe
PID: 3676
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PID: 2600
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1796
Hidden: No
Window Visible: No

Name: C:\Windows\OEM02Mon.exe
PID: 2728
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 2868
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRAY.EXE
PID: 968
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgtray.exe
PID: 2732
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\Apoint.exe
PID: 924
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PID: 3228
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 3248
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 3288
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\QuickSet\quickset.exe
PID: 1948
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 3616
Hidden: No
Window Visible: No

Name: C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PID: 3848
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 4032
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 1640
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 3444
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4044
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\ApMsgFwd.exe
PID: 4072
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\hidfind.exe
PID: 4168
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\ApntEx.exe
PID: 4180
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 4768
Hidden: No
Window Visible: No

Name: C:\Program Files\uTorrent\uTorrent.exe
PID: 2528
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2856
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PID: 4120
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 3736
Hidden: No
Window Visible: No

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 4368
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunes.exe
PID: 3336
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 1408
Hidden: No
Window Visible: No

Name: C:\Users\Xu\Desktop\SysProt\SysProt.exe
PID: 5944
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 4756
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Xu\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 815A5000
Module End: 815B0000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8221C000
Module End: 825D5000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 825D5000
Module End: 82608000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80402000
Module End: 80409000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80409000
Module End: 80479000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80479000
Module End: 8048A000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 8048A000
Module End: 80492000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80492000
Module End: 804D3000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804D3000
Module End: 805B3000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80608000
Module End: 80684000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 80684000
Module End: 80691000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80691000
Module End: 806D7000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D7000
Module End: 806E0000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806E0000
Module End: 806E8000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E8000
Module End: 8070F000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8070F000
Module End: 8071E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 8071E000
Module End: 80721000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 80721000
Module End: 8072B000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 8072B000
Module End: 8073A000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 8073A000
Module End: 80784000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 80784000
Module End: 8078B000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 8078B000
Module End: 80799000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80799000
Module End: 807A9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\iaStor.sys
Service Name: iaStor
Module Base: 8B60D000
Module End: 8B6CB000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 8B6CB000
Module End: 8B6D3000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8B6D3000
Module End: 8B6F1000
Hidden: No

Module Name: C:\Windows\system32\drivers\msahci.sys
Service Name: msahci
Module Base: 8B6F1000
Module End: 8B6FB000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8B6FB000
Module End: 8B72D000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8B72D000
Module End: 8B73D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8B73D000
Module End: 8B7AE000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8B800000
Module End: 8B90B000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 8B90B000
Module End: 8B936000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8B936000
Module End: 8B971000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8BA02000
Module End: 8BAEA000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8BAEA000
Module End: 8BB05000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8BC0B000
Module End: 8BD1B000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8BD1B000
Module End: 8BD54000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8BD54000
Module End: 8BD5C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8BD5C000
Module End: 8BD6B000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8BD6B000
Module End: 8BD92000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8BD92000
Module End: 8BDA3000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8BDA3000
Module End: 8BDC4000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8BDC4000
Module End: 8BDCD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8BDDA000
Module End: 8BDE5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8BDE5000
Module End: 8BDEE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 8BDEE000
Module End: 8BDFD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8FA08000
Module End: 9036D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd
Service Name: ---
Module Base: 9036D000
Module End: 9036F000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 9040F000
Module End: 904AE000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 904AE000
Module End: 904BA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 904BA000
Module End: 904C5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 904C5000
Module End: 90503000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 90503000
Module End: 90512000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 90512000
Module End: 9059F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\yk60x86.sys
Service Name: yukonwlh
Module Base: 9059F000
Module End: 905EB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XX
Module Base: 9080E000
Module End: 90910000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 90910000
Module End: 90920000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 90920000
Module End: 9092E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 9092E000
Module End: 90948000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 90948000
Module End: 90959000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 90959000
Module End: 9096D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 9096D000
Module End: 909BF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 909BF000
Module End: 909D2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: 909D2000
Module End: 909FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 90800000
Module End: 9080B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 905EB000
Module End: 905F6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 9036F000
Module End: 90387000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 905F6000
Module End: 90600000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 90400000
Module End: 90404000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 90404000
Module End: 9040D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 90387000
Module End: 903B6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 903B6000
Module End: 903F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8BC00000
Module End: 8BC0B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8BBC3000
Module End: 8BBDA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8BBDA000
Module End: 8BBE5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8B971000
Module End: 8B994000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8BBE5000
Module End: 8BBF4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8B994000
Module End: 8B9A8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8B9A8000
Module End: 8B9BD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8B9BD000
Module End: 8B9CD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VClone.sys
Service Name: VClone
Module Base: 8BBF4000
Module End: 8BBFF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: 8B9CD000
Module End: 8B9F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 9080B000
Module End: 9080D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8B7AE000
Module End: 8B7D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8B9F3000
Module End: 8B9FD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8B7D8000
Module End: 8B7E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 807A9000
Module End: 807DE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8B7E5000
Module End: 8B7F6000
Hidden: No

Module Name: C:\Windows\system32\drivers\stwrt.sys
Service Name: STHDA
Module Base: 90C04000
Module End: 90C59000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 90C59000
Module End: 90C86000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 90C86000
Module End: 90CAB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: 90CAB000
Module End: 90CB4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 90CB4000
Module End: 90CBB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 90CBB000
Module End: 90CC2000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 90CC2000
Module End: 90CCE000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 90CCE000
Module End: 90CEF000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 90CEF000
Module End: 90CF7000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 90CF7000
Module End: 90CFF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 90CFF000
Module End: 90D0A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 90D0A000
Module End: 90D18000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 90D18000
Module End: 90D21000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 90D21000
Module End: 90D37000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 90D37000
Module End: 90D4B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 90D4B000
Module End: 90D64000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 90D64000
Module End: 90D96000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 90D96000
Module End: 90DDE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 90DDE000
Module End: 90DF4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 807DE000
Module End: 807EC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 807EC000
Module End: 807FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 805B3000
Module End: 805EF000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 90DF4000
Module End: 90DFE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ElbyCDIO.sys
Service Name: ElbyCDIO
Module Base: 903F7000
Module End: 903FC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 91001000
Module End: 91018000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 91018000
Module End: 9102F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 9102F000
Module End: 91031000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 91031000
Module End: 91037000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 91037000
Module End: 91088000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\OEM02Dev.sys
Service Name: OEM02Dev
Module Base: 91088000
Module End: 910C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\OEM02Vfx.sys
Service Name: OEM02Vfx
Module Base: 910C2000
Module End: 910C4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\tcusb.sys
Service Name: TcUsb
Module Base: 910C4000
Module End: 910CE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 910CE000
Module End: 910DB000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 910DB000
Module End: 91199000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 91199000
Module End: 911A3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 911A3000
Module End: 911B2000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 911B2000
Module End: 911CD000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 8BB05000
Module End: 8BBB5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 911CD000
Module End: 911DD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9D601000
Module End: 9D62B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9D62B000
Module End: 9D635000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9D635000
Module End: 9D648000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9D648000
Module End: 9D6B3000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9D6B3000
Module End: 9D6D0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9D6D0000
Module End: 9D6E9000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9D6E9000
Module End: 9D6FE000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9D6FE000
Module End: 9D71F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9D71F000
Module End: 9D73E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9D73E000
Module End: 9D777000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9D777000
Module End: 9D78F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9D78F000
Module End: 9D7B6000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 8140F000
Module End: 8145B000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 81473000
Module End: 81551000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 81551000
Module End: 8155B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 8155B000
Module End: 81583000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 81583000
Module End: 8158F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 8158F000
Module End: 815A5000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PROXY.WAVECABLE.COM:52790
Remote Address: 102-234-179-213.IP.UKRTEL.NET:61768
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52789
Remote Address: S010600173F9CEF3D.OK.SHAWCABLE.NET:19519
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52788
Remote Address: 97-118-147-201.HLRN.QWEST.NET:51413
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52787
Remote Address: C-98-202-64-250.HSD1.UT.COMCAST.NET:10109
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52786
Remote Address: ADSL-99-130-144-236.DSL.WLFRCT.SBCGLOBAL.NET:39250
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52784
Remote Address: 92.20.31.125:53700
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52783
Remote Address: I219-167-17-73.S06.A013.AP.PLALA.OR.JP:39595
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: PROXY.WAVECABLE.COM:52778
Remote Address: 91-115-234-22.ADSL.HIGHWAY.TELEKOM.AT:46967
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52777
Remote Address: C-98-248-150-125.HSD1.CA.COMCAST.NET:50900
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52776
Remote Address: OR-71-53-70-49.DHCP.EMBARQHSD.NET:35823
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: FIN_WAIT1

Local Address: PROXY.WAVECABLE.COM:52775
Remote Address: 5AC08A6A.BB.SKY.COM:19181
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52766
Remote Address: WATSON.MICROSOFT.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PROXY.WAVECABLE.COM:52752
Remote Address: CPE-98-154-127-116.SOCAL.RES.RR.COM:41348
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52737
Remote Address: 70.15.106.41.RES-CMTS.EPH.PTD.NET:48559
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52715
Remote Address: 209-188-72-122-HOST.DRTEL.NET:25307
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52710
Remote Address: BSN-210-242-204.DIAL-UP.DSL.SIOL.NET:14955
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52682
Remote Address: A96-17-69-64.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52669
Remote Address: C-65-96-96-66.HSD1.MA.COMCAST.NET:39156
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52654
Remote Address: 24-139-35-250-EMPTY.FIDNET.COM:10479
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52647
Remote Address: FL-71-53-236-221.DHCP.EMBARQHSD.NET:SYSTAT
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52630
Remote Address: C-71-199-97-146.HSD1.PA.COMCAST.NET:64494
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52627
Remote Address: H238.98.21.98.DYNAMIC.IP.WINDSTREAM.NET:28158
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52613
Remote Address: OOL-18BADF89.DYN.OPTONLINE.NET:12032
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52596
Remote Address: SOFTBANK221077087075.BBTEC.NET:44043
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52565
Remote Address: A91-152-254-138.ELISA-LAAJAKAISTA.FI:2088
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PROXY.WAVECABLE.COM:52505
Remote Address: HOST86-156-218-6.RANGE86-156.BTCENTRALPLUS.COM:35163
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52379
Remote Address: 84-50-63-245-DSL.EST.ESTPAK.EE:38993
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52365
Remote Address: HOST-145-27.TXCSMEL.CLIENTS.PAVLOVMEDIA.COM:19321
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52332
Remote Address: 81-231-92-19-NO43.TBCN.TELIA.COM:19888
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52275
Remote Address: RETAIL.DYNAMIC.SIFY.NET:20761
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:52135
Remote Address: POOL-96-233-56-37.BSTNMA.FIOS.VERIZON.NET:41981
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:51689
Remote Address: CPE-65-25-155-143.COLUMBUS.RES.RR.COM:35423
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:51449
Remote Address: C-71-206-178-85.HSD1.VA.COMCAST.NET:63890
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:50384
Remote Address: 209-94-131-3.C3-0.ABR-UBR2.SBO-ABR.MA.CABLE.RCN.COM:64765
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:50319
Remote Address: MTA-72-133-234-181.NEW.RES.RR.COM:49999
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:49345
Remote Address: HOST-202-91-151-35.MCTV.NE.JP:17702
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:49270
Remote Address: NTT1-PPP73.TOKYO.SANNET.NE.JP:26632
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: PROXY.WAVECABLE.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PROXY:52681
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52680
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52679
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52678
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52677
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52676
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:52674
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: PROXY:49248
Remote Address: LOCALHOST:49247
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PROXY:49247
Remote Address: LOCALHOST:49248
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PROXY:49238
Remote Address: LOCALHOST:49237
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PROXY:49237
Remote Address: LOCALHOST:49238
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PROXY:27015
Remote Address: LOCALHOST:52674
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: PROXY:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: PROXY:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PROXY:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PROXY:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: PROXY:10080
Remote Address: LOCALHOST:52681
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: PROXY:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PROXY:5354
Remote Address: LOCALHOST:52680
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: PROXY:5354
Remote Address: LOCALHOST:52679
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: PROXY:5354
Remote Address: LOCALHOST:52678
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: PROXY:5354
Remote Address: LOCALHOST:52677
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: PROXY:5354
Remote Address: LOCALHOST:52676
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: PROXY:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: PROXY:51422
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: LISTENING

Local Address: PROXY:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: PROXY:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: PROXY:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PROXY:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PROXY:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: PROXY:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PROXY:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PROXY:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PROXY:RTSP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: LISTENING

Local Address: PROXY:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PROXY:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PROXY.WAVECABLE.COM:58132
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY.WAVECABLE.COM:49647
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY.WAVECABLE.COM:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PROXY.WAVECABLE.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: PROXY.WAVECABLE.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY.WAVECABLE.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PROXY.WAVECABLE.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PROXY:61652
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: PROXY:58133
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:64055
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PROXY:51422
Remote Address: NA
Type: UDP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: PROXY:49629
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:49152
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PROXY:6771
Remote Address: NA
Type: UDP
Process: C:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: PROXY:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:5005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: PROXY:5004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: PROXY:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:TEREDO
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PROXY:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{07638f46-9086-11de-b5ce-00219bee9cfb}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1f38be44-8cec-11de-9566-00219bee9cfb}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3df7a95f-8ed0-11de-8f89-00219bee9cfb}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{73b09712-8f91-11de-8f88-00219bee9cfb}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied



ComboFix Log

ComboFix 09-08-24.05 - Xu 24/08/2009 14:36.9.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1799 [GMT -7:00]
Running from: c:\users\Xu\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 21:49 . 2009-08-24 21:50 -------- d-----w- c:\users\Xu\AppData\Local\temp
2009-08-24 07:53 . 2009-08-24 07:54 -------- d-----w- C:\ToolBar SD
2009-08-24 07:01 . 2009-08-24 07:01 -------- d-----w- C:\_OTL
2009-08-21 15:20 . 2009-08-21 15:20 -------- d-----w- c:\users\Xu\AppData\Roaming\Auslogics
2009-08-21 15:20 . 2009-08-21 15:20 -------- d-----w- c:\program files\Auslogics
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\windows\system32\AGEIA
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 13:17 . 2009-08-15 13:17 -------- d-----w- c:\program files\Citrix
2009-08-15 13:17 . 2009-08-15 13:17 61224 ----a-w- c:\users\Xu\GoToAssistDownloadHelper.exe
2009-08-15 12:30 . 2009-08-15 12:30 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-08-15 12:30 . 2009-08-15 12:30 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-08-15 12:30 . 2009-08-15 12:30 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-08-14 06:25 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 06:25 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 06:25 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 06:25 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 06:25 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 06:25 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 06:25 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 06:25 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 06:24 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 06:24 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-14 06:24 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 06:23 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 06:23 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 06:23 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 06:23 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 06:23 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 17:12 . 2009-08-16 09:55 -------- d-----w- C:\NVIDIA
2009-08-12 15:32 . 2009-08-12 15:32 -------- d-----w- c:\users\Xu\AppData\Local\NCSoft
2009-08-12 08:59 . 2009-08-12 17:45 -------- d-----w- c:\program files\City of Heroes
2009-08-06 08:47 . 2009-08-06 08:47 532 ----a-w- c:\windows\eReg.dat
2009-08-06 08:47 . 2009-08-06 08:47 -------- d-----w- c:\program files\Maxis
2009-07-28 00:03 . 2009-07-28 00:03 -------- d-----w- c:\program files\iPod
2009-07-28 00:03 . 2009-07-28 00:04 -------- d-----w- c:\program files\iTunes
2009-07-27 23:57 . 2009-07-27 23:57 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-26 22:17 . 2009-07-23 21:50 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-07-26 22:17 . 2009-06-20 02:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-26 22:17 . 2009-07-26 22:17 -------- d-----w- c:\program files\Free FLV Converter
2009-07-26 22:17 . 2009-06-20 02:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Real
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 21:46 . 2009-07-15 00:33 -------- d-----w- c:\users\Xu\AppData\Roaming\uTorrent
2009-08-24 19:56 . 2009-08-14 06:15 31586 ----a-w- c:\programdata\nvModes.dat
2009-08-22 02:47 . 2009-07-02 19:17 1356 ----a-w- c:\users\Xu\AppData\Local\d3d9caps.dat
2009-08-19 21:34 . 2009-07-15 05:34 1 ----a-w- c:\users\Xu\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-17 11:03 . 2009-07-02 20:41 -------- d-----w- c:\programdata\NVIDIA
2009-08-14 06:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 02:12 . 2009-08-12 17:43 27050 ----a-w- c:\users\Xu\AppData\Roaming\nvModes.dat
2009-08-04 22:52 . 2009-07-15 05:26 -------- d-----w- c:\program files\Java
2009-07-28 00:03 . 2009-07-04 07:17 -------- d-----w- c:\program files\Common Files\Apple
2009-07-25 19:15 . 2009-07-02 22:22 -------- d-----w- c:\programdata\avg8
2009-07-25 12:23 . 2009-07-15 05:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:23 . 2009-07-24 20:23 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-24 10:18 . 2009-07-24 10:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-23 22:43 . 2009-07-23 22:43 -------- d-----w- c:\programdata\is-26900
2009-07-22 20:45 . 2009-07-15 02:56 -------- d-----w- c:\programdata\Viewpoint
2009-07-22 20:13 . 2009-07-22 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 21:52 . 2009-08-14 06:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-14 06:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-14 06:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-14 06:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 15:00 . 2009-07-21 14:57 -------- d-----w- c:\program files\ERUNT
2009-07-21 03:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-21 03:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-20 12:44 . 2009-07-03 13:07 76 --sh--r- c:\windows\CT4CET.bin
2009-07-20 12:42 . 2009-07-03 13:05 -------- d-----w- c:\program files\Creative Live! Cam
2009-07-20 12:42 . 2009-07-02 19:55 -------- d-----w- c:\program files\Dell
2009-07-20 12:41 . 2009-07-03 13:05 -------- d-----w- c:\program files\Creative
2009-07-19 18:15 . 2009-07-04 07:20 -------- d-----w- c:\users\Xu\AppData\Roaming\Apple Computer
2009-07-19 18:11 . 2009-07-19 18:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-19 18:10 . 2009-07-04 07:17 -------- d-----w- c:\programdata\Apple
2009-07-19 15:40 . 2009-07-02 22:22 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-19 13:38 . 2009-07-19 13:38 -------- d-----w- c:\program files\AudioConverter Studio
2009-07-19 07:18 . 2009-07-19 07:15 -------- d-----w- c:\programdata\Yahoo!
2009-07-19 07:15 . 2009-07-19 07:15 -------- d-----w- c:\program files\Yahoo!
2009-07-19 03:12 . 2009-07-19 01:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-19 01:19 . 2009-07-19 01:19 -------- d-----w- c:\programdata\Blizzard
2009-07-19 01:12 . 2009-07-19 01:11 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-17 07:43 . 2009-07-02 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 07:05 . 2009-07-17 07:05 -------- d-----w- c:\program files\Firaxis Games
2009-07-17 06:50 . 2009-07-17 06:50 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-17 05:49 . 2009-07-17 05:49 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:14 . 2009-07-15 02:54 -------- d-----w- c:\program files\AIM6
2009-07-15 21:14 . 2009-07-15 05:27 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 21:14 . 2009-07-15 02:56 -------- d-----w- c:\programdata\acccore
2009-07-15 21:14 . 2009-07-15 05:33 -------- d-----w- c:\users\Xu\AppData\Roaming\OpenOffice.org
2009-07-15 21:14 . 2009-07-15 04:08 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-15 21:14 . 2009-07-15 02:55 -------- d-----w- c:\program files\Common Files\AOL
2009-07-15 19:41 . 2009-07-15 19:41 -------- d-----w- c:\programdata\Agnitum
2009-07-15 08:41 . 2009-07-02 19:17 52776 ----a-w- c:\users\Xu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-15 05:27 . 2009-07-15 05:27 -------- d-----w- c:\program files\JRE
2009-07-15 02:59 . 2009-07-15 02:59 -------- d-----w- c:\users\Xu\AppData\Roaming\acccore
2009-07-15 02:58 . 2009-07-15 02:56 -------- d-----w- c:\programdata\AOL OCP
2009-07-15 02:56 . 2009-07-15 02:56 -------- d-----w- c:\programdata\AOL
2009-07-15 00:34 . 2009-07-15 00:34 -------- d-----w- c:\program files\uTorrent
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\users\Xu\AppData\Roaming\Malwarebytes
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-14 22:19 . 2009-07-14 22:19 -------- dc-h--w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-13 20:36 . 2009-07-22 20:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-07-22 20:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 10:13 . 2009-07-04 10:13 -------- d-----w- c:\users\Xu\AppData\Roaming\Reallusion
2009-07-04 10:06 . 2009-07-04 10:06 -------- d-----w- c:\users\Xu\AppData\Roaming\Creative
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-04 07:20 . 2009-07-04 07:19 -------- d-----w- c:\programdata\Apple Computer
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\Bonjour
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:18 . 2009-07-04 07:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-04 06:32 . 2009-07-04 06:32 -------- d-----w- c:\program files\Microsoft
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-04 06:28 . 2009-07-04 06:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-03 13:36 . 2009-07-03 13:36 -------- d-----w- c:\program files\Fingerprint Reader Suite
2009-07-03 13:30 . 2009-07-02 22:14 -------- d-----w- c:\users\Xu\AppData\Roaming\Dell
2009-07-03 13:30 . 2009-07-03 13:30 -------- d-----w- c:\program files\Cisco
2009-07-03 13:07 . 2009-07-03 13:07 -------- d-----w- c:\program files\Common Files\Reallusion
2009-07-03 12:41 . 2009-07-02 22:12 -------- d-----w- c:\programdata\Dell
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\programdata\SupportSoft
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\programdata\PCDr
2009-07-03 12:40 . 2009-07-03 12:39 -------- d-----w- c:\program files\Dell Support Center
2009-07-03 12:39 . 2009-07-03 12:39 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-02 22:22 . 2009-07-02 22:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 22:22 . 2009-07-02 22:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 22:22 . 2009-07-02 22:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 22:22 . 2009-07-02 22:22 -------- d-----w- c:\program files\AVG
2009-07-02 21:05 . 2009-07-02 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-02 21:05 . 2009-07-02 21:05 -------- d-----w- c:\program files\DellTPad
2009-07-02 20:56 . 2009-07-02 20:56 -------- d-----w- c:\programdata\Citrix
2009-07-02 20:35 . 2009-07-02 20:19 -------- d-----w- c:\program files\Intel
2009-07-02 20:31 . 2009-07-02 20:31 -------- d-----w- c:\program files\Marvell
2009-07-02 20:31 . 2009-07-02 20:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 20:31 . 2009-07-02 20:31 -------- d-----w- c:\users\Xu\AppData\Roaming\TMP
2009-07-02 20:24 . 2009-07-02 20:24 -------- d-----w- c:\users\Xu\AppData\Roaming\InstallShield
2009-07-02 20:15 . 2009-07-02 20:15 -------- d-----w- c:\program files\SigmaTel
2009-07-02 19:55 . 2009-07-02 19:55 45056 ----a-r- c:\users\Xu\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-07-02 19:55 . 2009-07-02 19:55 10134 ----a-r- c:\users\Xu\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-06-18 17:18 . 2009-07-14 22:19 3289008 -c--a-w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-26 198160]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-28 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-05-28 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-28 13781536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,de,69,3f,5e,07,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD0E2211-0D9F-471F-91EA-C479951ACD3C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{28A3367C-F217-470E-8D97-52365AB5593B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F7232E8B-0152-4F18-805C-4DBD818794DF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{D7BB4A89-80BE-4943-9E55-A1BD081A940D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3D7A3567-52A0-4EEF-A442-96FB73805E6B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{91677F9A-994C-46CC-9619-3D4B56A7E3A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2D3D045-3858-4B71-8FF0-CC05E2A98DC9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{80FB4259-6A16-4169-BD56-36C9E75707D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E651D29-4340-4126-8ED6-559C91E1CC3E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D6E7901C-5D8B-4F6D-86E0-DC467FEDF6AF}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{5B36A557-49E6-44E7-9493-8B9718722BC0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{9588AE9D-5F66-4B2F-A760-51246ED7C3BB}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{386C3505-786B-46B9-85DC-FF91AD3D8FF5}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F9EBCEF8-9386-4223-BCFB-72B02C70AAB5}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{5CD7C3CD-AC47-4072-81CE-2FFC8673FFF4}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{A2F0E961-E872-4D43-80DD-5F5C86F65022}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{4199C6E7-DE5D-4506-A4FF-5B66F44858F9}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9533DF72-AE9E-4FD2-B9A3-851D1F39AD5E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{D89C3B8E-EE7E-4AAA-AC15-0770701D0136}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{968F4FB2-0E14-448F-B1CE-B311E2D14530}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EEA3330D-359D-4E12-81A0-227CAD814330}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E51C0B8B-83E5-48E4-A87A-229C5246DC94}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2CEFD08-D84A-432D-8D2B-1F322DBCB8EB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{504283CF-60BA-483E-B45F-C2534D612FC4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{740FF58F-5F23-4B00-BB82-D17846C79F83}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{15588F69-CE40-465E-BA73-0F704442844B}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{20024B39-9FA1-4E31-8170-CFF794FB633F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02/07/2009 3:22 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [02/07/2009 3:22 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/07/2009 3:22 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 3:22 PM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [09/06/2009 7:11 AM 155648]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [02/07/2009 1:22 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [02/07/2009 1:22 PM 7424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe [03/07/2009 6:12 AM 73728]

--- Other Services/Drivers In Memory ---

*Deregistered* - SysProtDrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
- c:\windows\system32\msfeedssync.exe [2009-08-14 20:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Xu\AppData\Roaming\Mozilla\Firefox\Profiles\9icj02pf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 14:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Xu\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]
"haigpokojlgddobc"=hex:6a,61,66,66,6d,66,6a,6d,64,65,6c,67,6f,67,6d,70,65,66,
6d,70,00,00
"iaggfheembngkcmfke"=hex:6a,61,66,66,6d,66,69,6d,6c,65,62,6b,6c,62,65,65,62,61,
6b,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-08-24 14:54
ComboFix-quarantined-files.txt 2009-08-24 21:54

Pre-Run: 128,028,147,712 bytes free
Post-Run: 128,068,534,272 bytes free

375 --- E O F --- 2009-08-20 23:45


A.X.

Edited by AgentXu, 24 August 2009 - 04:50 PM.


#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AgentXu,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

KillAll::

Folder::
c:\programdata\Viewpoint

REGLOCK::
[HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]

Registry::
[-HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
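The CFScript above targets the locked key that ComboFix listed under "LOCKED REGISTRY KEYS". As an added example (not part of this thread, not ComboFix code, and not the helper's script), the Python below parses that section out of a ComboFix log, decodes each REG_BINARY value as ASCII so you can see what the oddly named values actually hold, and drafts the REGLOCK:: / Registry:: block in the form the helper posted. The sample log text is constructed from the lines posted earlier in this thread; the function names are my own.

```python
"""Parse the 'LOCKED REGISTRY KEYS' section of a ComboFix log and draft the
matching CFScript directives.  Added example for this thread; not ComboFix
code and not the helper's script.  SAMPLE_LOG is constructed from the log
lines posted above; all function names are my own."""
import re

SECTION_START = "--------------------- LOCKED REGISTRY KEYS ---------------------"
KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...\...] line
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')  # "name"=hex:aa,bb,... line

# Constructed from the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]
"haigpokojlgddobc"=hex:6a,61,66,66,6d,66,6a,6d,64,65,6c,67,6f,67,6d,70,65,66,
6d,70,00,00
"iaggfheembngkcmfke"=hex:6a,61,66,66,6d,66,69,6d,6c,65,62,6b,6c,62,65,65,62,61,
6b,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""


def _hex_to_bytes(hex_text):
    """'6a,61,...' (continuation lines already joined) -> bytes."""
    parts = [p.strip() for p in hex_text.split(",") if p.strip()]
    return bytes(int(p, 16) for p in parts)


def parse_locked_keys(log_text):
    """Return {key_path: {value_name: raw_bytes}} for the locked-keys section.

    ComboFix wraps long hex values onto following lines after a trailing
    comma, so a line that is neither a [key] nor a "name"=hex: line is
    treated as a continuation of the value currently being read.
    """
    lines = log_text.splitlines()
    if SECTION_START not in lines:
        return {}
    locked = {}
    key = name = None
    hex_parts = []
    for line in lines[lines.index(SECTION_START) + 1:]:
        line = line.strip()
        if line.startswith("---------------------"):   # next section header
            break
        if not line or line == ".":                    # ComboFix spacer lines
            continue
        m = KEY_RE.match(line)
        if m:
            key, name = m.group(1), None
            locked.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, first = m.groups()
            hex_parts = [first]
        elif name is not None:
            hex_parts.append(line)                      # wrapped continuation
        else:
            continue
        locked[key][name] = _hex_to_bytes("".join(hex_parts))
    return locked


def decode_value(raw):
    """Decode a REG_BINARY payload as a NUL-terminated ASCII string.

    Returns None if the bytes are not printable ASCII; the two values in
    this thread decode to random-looking lowercase strings.
    """
    text = raw.split(b"\x00", 1)[0]
    if text and all(0x20 <= b < 0x7F for b in text):
        return text.decode("ascii")
    return None


def cfscript_for(locked):
    """Draft the REGLOCK:: / Registry:: block in the form the helper posted."""
    if not locked:
        return ""
    keys = list(locked)
    lines = ["REGLOCK::"] + [f"[{k}]" for k in keys]
    lines += ["", "Registry::"] + [f"[-{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for key_path, values in found.items():
        print(key_path)
        for value_name, raw in values.items():
            print(f"  {value_name} ({len(raw)} bytes) -> {decode_value(raw)!r}")
    print(cfscript_for(found))
```

Run against the constructed log, the two values decode to 20-character lowercase strings followed by two NUL bytes, which is what the wrapped hex lines in the post encode. The generated block is a draft to compare against the helper's script, not something to feed to ComboFix on its own: the Folder::, KillAll:: and Reboot:: lines the helper added come from reading the whole log, not from this section alone.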

#13
AgentXu

    Member

  • Topic Starter
  • Member
  • 106 posts
Alright. Again, sleep/shut down was restored. I shut down and re-started. It's still working but of course I don't know for how long.


ComboFix Report

ComboFix 09-08-24.05 - Xu 24/08/2009 17:25.10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2437 [GMT -7:00]
Running from: c:\users\Xu\Desktop\ComboFix.exe
Command switches used :: c:\users\Xu\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Viewpoint

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 00:35 . 2009-08-25 00:38 -------- d-----w- c:\users\Xu\AppData\Local\temp
2009-08-25 00:35 . 2009-08-25 00:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-25 00:35 . 2009-08-25 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-24 22:16 . 2009-08-24 22:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-24 22:15 . 2009-02-12 09:35 38208 ----a-w- c:\users\Xu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 22:15 . 2009-08-24 22:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-24 22:14 . 2009-08-24 22:17 -------- d-----w- c:\users\Xu\AppData\Local\Adobe
2009-08-24 22:14 . 2009-08-24 22:14 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-08-24 22:14 . 2009-08-25 00:18 -------- d-----w- c:\programdata\NOS
2009-08-24 07:53 . 2009-08-24 07:54 -------- d-----w- C:\ToolBar SD
2009-08-24 07:01 . 2009-08-24 07:01 -------- d-----w- C:\_OTL
2009-08-21 15:20 . 2009-08-21 15:20 -------- d-----w- c:\users\Xu\AppData\Roaming\Auslogics
2009-08-21 15:20 . 2009-08-21 15:20 -------- d-----w- c:\program files\Auslogics
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\windows\system32\AGEIA
2009-08-16 09:58 . 2009-08-16 09:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 13:17 . 2009-08-15 13:17 -------- d-----w- c:\program files\Citrix
2009-08-15 13:17 . 2009-08-15 13:17 61224 ----a-w- c:\users\Xu\GoToAssistDownloadHelper.exe
2009-08-15 12:30 . 2009-08-15 12:30 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-08-15 12:30 . 2009-08-15 12:30 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-08-15 12:30 . 2009-08-15 12:30 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-08-14 06:25 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 06:25 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 06:25 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 06:25 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 06:25 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 06:25 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 06:25 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 06:25 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 06:24 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 06:24 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-14 06:24 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 06:23 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 06:23 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 06:23 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 06:23 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 06:23 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 17:12 . 2009-08-16 09:55 -------- d-----w- C:\NVIDIA
2009-08-12 15:32 . 2009-08-12 15:32 -------- d-----w- c:\users\Xu\AppData\Local\NCSoft
2009-08-12 08:59 . 2009-08-12 17:45 -------- d-----w- c:\program files\City of Heroes
2009-08-06 08:47 . 2009-08-06 08:47 532 ----a-w- c:\windows\eReg.dat
2009-08-06 08:47 . 2009-08-06 08:47 -------- d-----w- c:\program files\Maxis
2009-07-28 00:03 . 2009-07-28 00:03 -------- d-----w- c:\program files\iPod
2009-07-28 00:03 . 2009-07-28 00:04 -------- d-----w- c:\program files\iTunes
2009-07-27 23:57 . 2009-07-27 23:57 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-26 22:17 . 2009-07-23 21:50 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-07-26 22:17 . 2009-06-20 02:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-26 22:17 . 2009-07-26 22:17 -------- d-----w- c:\program files\Free FLV Converter
2009-07-26 22:17 . 2009-06-20 02:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-07-26 22:17 . 2009-06-20 02:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Real
2009-07-26 21:40 . 2009-07-26 21:40 -------- d-----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 00:36 . 2009-08-14 06:15 31586 ----a-w- c:\programdata\nvModes.dat
2009-08-24 23:07 . 2009-07-15 00:33 -------- d-----w- c:\users\Xu\AppData\Roaming\uTorrent
2009-08-22 02:47 . 2009-07-02 19:17 1356 ----a-w- c:\users\Xu\AppData\Local\d3d9caps.dat
2009-08-19 21:34 . 2009-07-15 05:34 1 ----a-w- c:\users\Xu\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-17 11:03 . 2009-07-02 20:41 -------- d-----w- c:\programdata\NVIDIA
2009-08-14 06:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 02:12 . 2009-08-12 17:43 27050 ----a-w- c:\users\Xu\AppData\Roaming\nvModes.dat
2009-08-04 22:52 . 2009-07-15 05:26 -------- d-----w- c:\program files\Java
2009-07-28 00:03 . 2009-07-04 07:17 -------- d-----w- c:\program files\Common Files\Apple
2009-07-25 19:15 . 2009-07-02 22:22 -------- d-----w- c:\programdata\avg8
2009-07-25 12:23 . 2009-07-15 05:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:23 . 2009-07-24 20:23 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-24 10:18 . 2009-07-24 10:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-23 22:43 . 2009-07-23 22:43 -------- d-----w- c:\programdata\is-26900
2009-07-22 20:13 . 2009-07-22 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 21:52 . 2009-08-14 06:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-14 06:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-14 06:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-14 06:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 15:00 . 2009-07-21 14:57 -------- d-----w- c:\program files\ERUNT
2009-07-21 03:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-21 03:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-20 12:44 . 2009-07-03 13:07 76 --sh--r- c:\windows\CT4CET.bin
2009-07-20 12:42 . 2009-07-03 13:05 -------- d-----w- c:\program files\Creative Live! Cam
2009-07-20 12:42 . 2009-07-02 19:55 -------- d-----w- c:\program files\Dell
2009-07-20 12:41 . 2009-07-03 13:05 -------- d-----w- c:\program files\Creative
2009-07-19 18:15 . 2009-07-04 07:20 -------- d-----w- c:\users\Xu\AppData\Roaming\Apple Computer
2009-07-19 18:11 . 2009-07-19 18:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-19 18:10 . 2009-07-04 07:17 -------- d-----w- c:\programdata\Apple
2009-07-19 15:40 . 2009-07-02 22:22 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-19 13:38 . 2009-07-19 13:38 -------- d-----w- c:\program files\AudioConverter Studio
2009-07-19 07:18 . 2009-07-19 07:15 -------- d-----w- c:\programdata\Yahoo!
2009-07-19 07:15 . 2009-07-19 07:15 -------- d-----w- c:\program files\Yahoo!
2009-07-19 03:12 . 2009-07-19 01:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-19 01:19 . 2009-07-19 01:19 -------- d-----w- c:\programdata\Blizzard
2009-07-19 01:12 . 2009-07-19 01:11 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-17 07:43 . 2009-07-02 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 07:05 . 2009-07-17 07:05 -------- d-----w- c:\program files\Firaxis Games
2009-07-17 06:50 . 2009-07-17 06:50 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-17 05:49 . 2009-07-17 05:49 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:14 . 2009-07-15 02:54 -------- d-----w- c:\program files\AIM6
2009-07-15 21:14 . 2009-07-15 05:27 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 21:14 . 2009-07-15 02:56 -------- d-----w- c:\programdata\acccore
2009-07-15 21:14 . 2009-07-15 05:33 -------- d-----w- c:\users\Xu\AppData\Roaming\OpenOffice.org
2009-07-15 21:14 . 2009-07-15 04:08 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-15 21:14 . 2009-07-15 02:55 -------- d-----w- c:\program files\Common Files\AOL
2009-07-15 19:41 . 2009-07-15 19:41 -------- d-----w- c:\programdata\Agnitum
2009-07-15 08:41 . 2009-07-02 19:17 52776 ----a-w- c:\users\Xu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-15 05:27 . 2009-07-15 05:27 -------- d-----w- c:\program files\JRE
2009-07-15 02:59 . 2009-07-15 02:59 -------- d-----w- c:\users\Xu\AppData\Roaming\acccore
2009-07-15 02:58 . 2009-07-15 02:56 -------- d-----w- c:\programdata\AOL OCP
2009-07-15 02:56 . 2009-07-15 02:56 -------- d-----w- c:\programdata\AOL
2009-07-15 00:34 . 2009-07-15 00:34 -------- d-----w- c:\program files\uTorrent
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\users\Xu\AppData\Roaming\Malwarebytes
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-14 22:19 . 2009-07-14 22:19 -------- dc-h--w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-13 20:36 . 2009-07-22 20:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-07-22 20:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 10:13 . 2009-07-04 10:13 -------- d-----w- c:\users\Xu\AppData\Roaming\Reallusion
2009-07-04 10:06 . 2009-07-04 10:06 -------- d-----w- c:\users\Xu\AppData\Roaming\Creative
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-04 07:20 . 2009-07-04 07:19 -------- d-----w- c:\programdata\Apple Computer
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\Bonjour
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:18 . 2009-07-04 07:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-04 06:32 . 2009-07-04 06:32 -------- d-----w- c:\program files\Microsoft
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-04 06:28 . 2009-07-04 06:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-03 13:36 . 2009-07-03 13:36 -------- d-----w- c:\program files\Fingerprint Reader Suite
2009-07-03 13:30 . 2009-07-02 22:14 -------- d-----w- c:\users\Xu\AppData\Roaming\Dell
2009-07-03 13:30 . 2009-07-03 13:30 -------- d-----w- c:\program files\Cisco
2009-07-03 13:07 . 2009-07-03 13:07 -------- d-----w- c:\program files\Common Files\Reallusion
2009-07-03 12:41 . 2009-07-02 22:12 -------- d-----w- c:\programdata\Dell
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\programdata\SupportSoft
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\programdata\PCDr
2009-07-03 12:40 . 2009-07-03 12:39 -------- d-----w- c:\program files\Dell Support Center
2009-07-03 12:39 . 2009-07-03 12:39 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-02 22:22 . 2009-07-02 22:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 22:22 . 2009-07-02 22:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 22:22 . 2009-07-02 22:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 22:22 . 2009-07-02 22:22 -------- d-----w- c:\program files\AVG
2009-07-02 21:05 . 2009-07-02 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-02 21:05 . 2009-07-02 21:05 -------- d-----w- c:\program files\DellTPad
2009-07-02 20:56 . 2009-07-02 20:56 -------- d-----w- c:\programdata\Citrix
2009-07-02 20:35 . 2009-07-02 20:19 -------- d-----w- c:\program files\Intel
2009-07-02 20:31 . 2009-07-02 20:31 -------- d-----w- c:\program files\Marvell
2009-07-02 20:31 . 2009-07-02 20:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 20:31 . 2009-07-02 20:31 -------- d-----w- c:\users\Xu\AppData\Roaming\TMP
2009-07-02 20:24 . 2009-07-02 20:24 -------- d-----w- c:\users\Xu\AppData\Roaming\InstallShield
2009-07-02 20:15 . 2009-07-02 20:15 -------- d-----w- c:\program files\SigmaTel
2009-07-02 19:55 . 2009-07-02 19:55 45056 ----a-r- c:\users\Xu\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-07-02 19:55 . 2009-07-02 19:55 10134 ----a-r- c:\users\Xu\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-06-18 17:18 . 2009-07-14 22:19 3289008 -c--a-w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
2009-06-15 14:53 . 2009-07-14 21:37 156672 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-24_21.50.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-08-24 22:06 75318 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-24 19:58 75318 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-02 19:14 . 2009-08-24 22:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-02 19:14 . 2009-08-24 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-02 19:14 . 2009-08-24 22:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-02 19:14 . 2009-08-24 21:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-02 19:14 . 2009-08-24 21:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-02 19:14 . 2009-08-24 22:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-24 22:15 . 2009-08-24 22:15 20480 c:\windows\Installer\b048d.msi
+ 2009-08-24 22:15 . 2009-08-24 22:15 26624 c:\windows\Installer\b0487.msi
- 2009-07-02 21:45 . 2009-08-24 07:03 4154 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-02 21:45 . 2009-08-25 00:35 4154 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-02 19:19 . 2009-08-24 22:06 9376 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3053924517-2714169248-3537610253-1000_UserData.bin
- 2009-07-02 19:19 . 2009-08-24 19:58 9376 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3053924517-2714169248-3537610253-1000_UserData.bin
- 2009-08-24 19:50 . 2009-08-24 19:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-25 00:36 . 2009-08-25 00:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-24 19:50 . 2009-08-24 19:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-25 00:36 . 2009-08-25 00:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-24 22:17 . 2009-08-24 22:17 3938816 c:\windows\Installer\b0493.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-26 198160]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-28 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-05-28 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-28 13781536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

c:\users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,de,69,3f,5e,07,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD0E2211-0D9F-471F-91EA-C479951ACD3C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{28A3367C-F217-470E-8D97-52365AB5593B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F7232E8B-0152-4F18-805C-4DBD818794DF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{D7BB4A89-80BE-4943-9E55-A1BD081A940D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3D7A3567-52A0-4EEF-A442-96FB73805E6B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{91677F9A-994C-46CC-9619-3D4B56A7E3A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2D3D045-3858-4B71-8FF0-CC05E2A98DC9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{80FB4259-6A16-4169-BD56-36C9E75707D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E651D29-4340-4126-8ED6-559C91E1CC3E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D6E7901C-5D8B-4F6D-86E0-DC467FEDF6AF}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{5B36A557-49E6-44E7-9493-8B9718722BC0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{9588AE9D-5F66-4B2F-A760-51246ED7C3BB}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{386C3505-786B-46B9-85DC-FF91AD3D8FF5}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F9EBCEF8-9386-4223-BCFB-72B02C70AAB5}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{5CD7C3CD-AC47-4072-81CE-2FFC8673FFF4}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{A2F0E961-E872-4D43-80DD-5F5C86F65022}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{4199C6E7-DE5D-4506-A4FF-5B66F44858F9}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9533DF72-AE9E-4FD2-B9A3-851D1F39AD5E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{D89C3B8E-EE7E-4AAA-AC15-0770701D0136}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{968F4FB2-0E14-448F-B1CE-B311E2D14530}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EEA3330D-359D-4E12-81A0-227CAD814330}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E51C0B8B-83E5-48E4-A87A-229C5246DC94}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2CEFD08-D84A-432D-8D2B-1F322DBCB8EB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{504283CF-60BA-483E-B45F-C2534D612FC4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{740FF58F-5F23-4B00-BB82-D17846C79F83}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{15588F69-CE40-465E-BA73-0F704442844B}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{20024B39-9FA1-4E31-8170-CFF794FB633F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02/07/2009 3:22 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [02/07/2009 3:22 PM 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe [03/07/2009 6:12 AM 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/07/2009 3:22 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/07/2009 3:22 PM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [09/06/2009 7:11 AM 155648]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [02/07/2009 1:22 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [02/07/2009 1:22 PM 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\User_Feed_Synchronization-{BBF1942C-A11A-4F82-BECB-02A073B814A3}.job
- c:\windows\system32\msfeedssync.exe [2009-08-14 20:13]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Xu\AppData\Roaming\Mozilla\Firefox\Profiles\9icj02pf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]
"haigpokojlgddobc"=hex:6a,61,66,66,6d,66,6a,6d,64,65,6c,67,6f,67,6d,70,65,66,
6d,70,00,00
"iaggfheembngkcmfke"=hex:6a,61,66,66,6d,66,69,6d,6c,65,62,6b,6c,62,65,65,62,61,
6b,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(3492)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-25 17:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 00:44
ComboFix2.txt 2009-08-24 21:54

Pre-Run: 132,697,726,976 bytes free
Post-Run: 132,655,411,200 bytes free

400 --- E O F --- 2009-08-20 23:45



A.X.

#14 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello AgentXu,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]
    [HKEY_CLASSES_ROOT\CLSID\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
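The locked key in the ComboFix log above and the registry search emeraldnzl asks for both centre on the same CLSID. The following is an added example, not part of this thread and not code from ComboFix or SystemLook: it parses the LOCKED REGISTRY KEYS block (the sample embedded in it is copied from the log posted above), decodes the REG_BINARY hex data to text, flags value names and data that are long runs of random lowercase letters, and emits the GUID as a plain search string for a follow-up registry search. The function names, regexes and the 12-letter threshold for "random-looking" are my own choices, not anything the tools define.

```python
import re

# Constructed sample: the "LOCKED REGISTRY KEYS" block from the ComboFix log
# posted in this thread, including the wrapped hex continuation lines.
SAMPLE_LOG = r"""--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3053924517-2714169248-3537610253-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]
"haigpokojlgddobc"=hex:6a,61,66,66,6d,66,6a,6d,64,65,6c,67,6f,67,6d,70,65,66,
6d,70,00,00
"iaggfheembngkcmfke"=hex:6a,61,66,66,6d,66,69,6d,6c,65,62,6b,6c,62,65,65,62,61,
6b,64,00,00
.
"""

KEY_RE = re.compile(r"^\[(?P<key>.+?)\*?\]$")          # trailing '*' marker dropped
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<hex>.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RANDOM_NAME_RE = re.compile(r"^[a-z]{12,}$")             # assumption: 12+ lowercase letters


def _decode_hex(hex_text):
    """Turn 'hex:6a,61,...' data (without the prefix) into bytes."""
    return bytes(int(b, 16) for b in hex_text.rstrip(",").split(",") if b)


def parse_locked_keys(text):
    """Parse the LOCKED REGISTRY KEYS section of a ComboFix log.

    Returns a list of {"key": str, "values": {name: bytes}}. ComboFix wraps
    long hex: values across lines the way 'reg export' does, so continuation
    lines are joined until the data no longer ends in a comma.
    """
    keys, current = [], None
    pending_name, pending_hex = None, ""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---") and "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":                      # ComboFix section terminator
            break
        if pending_name is not None:         # continuation of a wrapped value
            pending_hex += line
            if not pending_hex.endswith(","):
                current["values"][pending_name] = _decode_hex(pending_hex)
                pending_name, pending_hex = None, ""
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "values": {}}
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            if m.group("hex").endswith(","):
                pending_name, pending_hex = m.group("name"), m.group("hex")
            else:
                current["values"][m.group("name")] = _decode_hex(m.group("hex"))
    return keys


def printable(data):
    """Render REG_BINARY data as text if it is a NUL-terminated printable
    ASCII string, otherwise as a hex string."""
    stripped = data.rstrip(b"\x00")
    if stripped and all(0x20 <= b < 0x7F for b in stripped):
        return stripped.decode("ascii")
    return data.hex()


def triage(keys):
    """What an analyst looks at first: the GUIDs in each locked key, and
    whether value name and data are both random-looking lowercase runs."""
    findings = []
    for entry in keys:
        guids = GUID_RE.findall(entry["key"])
        for name, data in entry["values"].items():
            text = printable(data)
            findings.append({
                "guids": guids, "name": name, "data": text,
                "random_looking": bool(RANDOM_NAME_RE.match(name)
                                       and RANDOM_NAME_RE.match(text)),
            })
    return findings


def regfind_terms(keys):
    """Plain search strings (one per GUID) for a follow-up registry search
    across HKLM/HKCR, since a GUID appearing under one hive usually has a
    matching CLSID registration elsewhere."""
    terms = []
    for entry in keys:
        for g in GUID_RE.findall(entry["key"]):
            if g not in terms:
                terms.append(g)
    return terms


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    for finding in triage(parsed):
        print(finding)
    print("search terms:", regfind_terms(parsed))
```

The continuation-line join is the part that matters: decoding each log line on its own would silently drop the tail of every wrapped value, and the NUL-stripped decode shows at a glance that both value names and both data strings are runs of lowercase letters with no meaning, which is the pattern that makes this key worth searching for under the other hives.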

#15 AgentXu (Topic Starter, Member, 106 posts)
As of right now the sleep/shutdown function remains intact.


SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 19:50 on 24/08/2009 by Xu (Administrator - Elevation successful)

No Context: regfind

No Context: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}*]

No Context: [HKEY_CLASSES_ROOT\CLSID\{BE60B8D0-5E4F-7B9E-C4A0-5A5A4FDF0C7D}

-=End Of File=-


Edit

I gave it a few hours, hit sleep, and it caused the computer to re-start. It's 11:50 pm PST.

A.X.

Edited by AgentXu, 25 August 2009 - 12:50 AM.
