rundll32.exe not functioning after removing a trojan malware [Solved]


  • This topic is locked

#1
hyshi
Hello,

My laptop got infected by malware that pops up a fake Windows security alert. Then I found out my McAfee is outdated. So I unloaded the old one and installed the latest version from my institute. It deleted 5 items. I thought the machine was clean. However, now it cannot run any exe file, not even the command window. Only Windows Explorer can come up. So I can't run OTJ to generate a log file.

I wonder if there's a way to fix it. I don't even know whether this is the right place to post this problem.
Any suggestion is appreciated.

Thank you.
  • 0


#2
mpascal
Hi hyshi,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please follow the instructions found in the Malware and Spyware Cleaning Guide, and post back with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log
If you find you can't do one of the steps listed, simply make note of it and move on to the next one.
  • 0

#3
hyshi
Hi mpascal,

Thank you for helping me.

As I said earlier, the Windows system cannot run any executable file. Even if I have an installation program or the program itself, I cannot run it. Now I cannot get those logs since it requires running three programs.

My question is whether it's possible to use recovery disks to fix that problem. Once programs can at least run, I'll be able to install all those removal programs. If it can't be fixed, I guess my only choice is to restore it to the factory condition.

Thank you.

hyshi
  • 0

#4
mpascal
Try renaming OTL.exe to OTL.com
  • 0
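
Why the rename suggested above works, shown as an added example that is not part of the original thread: the MBAM log posted later in this topic reports the `.exe` association changed from `exefile` to `secfile`, while `.com` files resolve through a separate class. The Python below parses constructed lines in that log's layout, checks that a posted log is complete by comparing its summary counts with the listed items, and extracts the hijacked association; all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.44 log
# quoted in this thread: a counts summary, then one section per object type.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\sample.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Non-greedy object so the first "(detection) ->" wins, not "(exefile) ->".
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
# Default value of a file-extension key under HKEY_CLASSES_ROOT.
EXT_RE = re.compile(r"^HKEY_CLASSES_ROOT\\(\.[^\\]+)\\\(default\)$")


def parse_mbam_log(text):
    """Return (summary_counts, items) parsed from an MBAM text log."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line) if section else None
        if not m:
            continue  # blank line, banner text or "(No malicious items detected)"
        item = {"section": section, "object": m["object"],
                "detection": m["detection"], "bad": None, "good": None,
                "action": m["rest"]}
        d = DATA_RE.match(m["rest"])
        if d:  # registry data items carry the bad and the expected value
            item.update(bad=d["bad"], good=d["good"], action=d["action"])
        items.append(item)
    return summary, items


def count_mismatches(summary, items):
    """Sections whose listed items differ from the summary: a truncated paste."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found[s]) for s, n in summary.items() if found[s] != n}


def association_hijacks(items):
    """Map extension -> (bad class, expected class) for changed associations."""
    hijacks = {}
    for i in items:
        m = EXT_RE.match(i["object"])
        if m and i["bad"] is not None and i["bad"] != i["good"]:
            hijacks[m.group(1).lower()] = (i["bad"], i["good"])
    return hijacks


def launchable_under(hijacks, extension):
    """True if this extension's association was not reported as changed."""
    return extension.lower() not in hijacks


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    hijacks = association_hijacks(items)
    print("count mismatches:", count_mismatches(summary, items))
    for ext, (bad, good) in hijacks.items():
        print(f"{ext}: class is {bad!r}, expected {good!r}")
    print(".com still launchable:", launchable_under(hijacks, ".com"))
```
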

#5
hyshi
Hi mpascal,

Your trick is working. I've been able to get the MBAM log and removed some spyware. Still trying to get the GMER log. It failed once because I left it running and the laptop could not wake up when I came back. I need to keep an eye on it. Will report back soon.

hyshi
  • 0

#6
mpascal
Sounds good, thanks for the update. :)
  • 0

#7
hyshi
Hi mpascal,

I couldn't get the GMER log since the machine was stuck after running GMER. Here are the other logs:

1) MBAM log -----------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/6/2010 6:00:31 PM
mbam-log-2010-03-06 (18-00-31).txt

Scan type: Quick Scan
Objects scanned: 145792
Time elapsed: 18 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PiratePoppers.1.0.0.39.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{38d97cce-7243-4b6e-b6a8-dd872ad3eb33} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6868afe5-f258-47dc-bc37-0821f96dc1d2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.inf (Trojan.Agent) -> Quarantined and deleted successfully.

2) OTL.txt -----------------------
OTL logfile created on: 3/10/2010 6:56:14 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\SW\malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 10.50 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CDTMOBILE
Current User Name: hshi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/28 18:42:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\SW\malware\OTL.com
PRC - [2010/02/20 00:20:22 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Programs\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/02/21 12:20:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/21 12:20:40 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/20 13:22:34 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/05/20 17:17:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/03/08 00:26:00 | 000,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/02/28 17:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/02/28 17:16:08 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/28 17:15:30 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/22 20:10:16 | 001,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/01/26 05:28:04 | 000,212,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/01/07 04:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/12/01 04:20:02 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/11/28 17:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 17:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/11/28 17:39:22 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/11 10:00:04 | 000,659,456 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2005/11/11 09:49:50 | 000,204,800 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2005/11/11 09:46:58 | 000,053,248 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2005/11/11 09:46:56 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/10/10 13:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2005/10/03 21:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2005/09/22 16:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2005/08/25 12:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2005/05/20 20:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004/11/21 20:42:38 | 000,163,840 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\system32\MSTMON_Q.EXE
PRC - [2004/11/17 22:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 11:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/05/14 16:53:26 | 000,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Programs\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/05/12 14:18:56 | 000,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2004/02/12 12:38:56 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programs\HP\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 18:42:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\SW\malware\OTL.com
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 13:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/02/21 12:20:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/12/23 23:48:36 | 000,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/03/08 00:26:00 | 000,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/28 17:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/02/28 17:16:08 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/02/28 17:15:30 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/01/16 12:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/01/07 00:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/12/21 12:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/11/28 17:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 17:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/28 17:39:22 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/25 17:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/24 20:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 19:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 19:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/11/11 10:00:04 | 000,659,456 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2005/11/11 09:49:50 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2005/11/11 09:46:58 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2005/11/11 09:46:56 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2005/11/02 12:56:48 | 000,913,408 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2005/10/11 14:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 14:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/10 13:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/10/03 21:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2005/09/22 16:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2005/09/22 16:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)
SRV - [2005/08/25 12:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2005/07/14 21:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 20:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Comcast Search"
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.autoconfig_url: "http://www.stevens.e...du/proxies.pac"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/28 14:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 00:20:30 | 000,000,000 | ---D | M]

[2008/08/25 21:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Extensions
[2010/02/27 23:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Firefox\Profiles\qk1m1p2b.default\extensions
[2010/03/10 18:54:48 | 000,000,000 | ---D | M] (Comcast Toolbar) -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Firefox\Profiles\qk1m1p2b.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2009/09/11 23:19:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Firefox\Profiles\qk1m1p2b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/29 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Firefox\Profiles\qk1m1p2b.default\extensions\[email protected]
[2008/12/22 23:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Mozilla\Firefox\Profiles\qk1m1p2b.default\extensions\[email protected]
[2010/02/27 23:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Programs\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Programs\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Programs\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Programs\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} http://playgames.com...de/aquacade.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} file:///C:/Documents%20and%20Settings/hshi.GORANMOBILE/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A219C6A1-B503-42A9-95DC-A84B2CC1231F} http://playgames.com...ta/asianata.cab (AtlAsianataCtlAttrib Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://playgames.com...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://playgames.com...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.246.1.21 155.246.1.20
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/22 11:25:36 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell - "" = AutoRun
O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8cb9820a-a761-11dc-9d57-0013a92b9577}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{8cb9820d-a761-11dc-9d57-0013a92b9577}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/22 14:11:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/08 16:27:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/03/06 18:04:40 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\hshi.GORANMOBILE\My Documents\My Safe
[2010/03/06 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Malwarebytes
[2010/03/06 17:39:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/06 17:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/06 17:39:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/06 17:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/28 14:57:24 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/02/28 14:57:24 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/02/28 14:57:24 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/02/28 14:57:24 | 000,065,224 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/02/28 14:57:24 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2010/02/28 14:57:24 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/02/28 14:57:23 | 000,070,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/02/28 14:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/02/28 14:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/02/28 14:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/21 22:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/03/22 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/03/22 14:11:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/03/22 14:11:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/10 18:45:21 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/10 18:44:31 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/10 18:44:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/10 18:43:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 18:43:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/10 18:43:38 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/08 17:03:11 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\NTUSER.DAT
[2010/03/06 18:01:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\ntuser.ini
[2010/03/06 17:37:26 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\Desktop\NTREGOPT.lnk
[2010/03/06 17:37:26 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\Desktop\ERUNT.lnk
[2010/02/28 17:22:29 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/02/28 15:04:23 | 000,013,836 | -HS- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\Local Settings\Application Data\MVkXhU7
[2010/02/27 23:42:31 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd

========== Files Created - No Company Name ==========

[2010/03/06 17:37:26 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\hshi.GORANMOBILE\Desktop\NTREGOPT.lnk
[2010/03/06 17:37:26 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\hshi.GORANMOBILE\Desktop\ERUNT.lnk
[2010/03/02 18:13:33 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/27 23:31:54 | 000,013,836 | -HS- | C] () -- C:\Documents and Settings\hshi.GORANMOBILE\Local Settings\Application Data\MVkXhU7
[2010/01/13 15:06:31 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2010/01/13 12:46:05 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/20 19:31:36 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/16 12:25:49 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2009/02/04 04:50:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsis_loader.dll
[2008/03/28 22:27:42 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/03/06 00:26:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/06 00:26:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/24 21:11:34 | 000,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/03/16 13:27:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/02/22 15:10:37 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\hshi.GORANMOBILE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/17 13:23:58 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/12/27 18:26:41 | 000,023,148 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/23 22:56:30 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/10/28 06:37:07 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\hshi.GORANMOBILE\Local Settings\Application Data\fusioncache.dat
[2006/09/13 06:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/09/05 15:08:17 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj500.ini
[2006/07/20 15:08:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/20 15:08:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/20 15:08:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/20 15:08:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/20 15:08:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/20 15:08:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/20 15:07:51 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/07/20 14:57:23 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/07/20 14:56:11 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/20 14:46:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 19:18:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/22 18:53:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2006/03/22 18:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/03/22 17:21:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/03/22 14:28:59 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/22 12:56:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/22 12:56:43 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 20:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/13 09:28:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2005/10/13 09:11:44 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2005/10/08 00:03:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2005/10/06 11:07:18 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2005/10/06 11:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2005/09/28 15:26:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2005/09/22 20:11:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2005/09/21 10:46:16 | 000,007,377 | ---- | C] () -- C:\WINDOWS\System32\gpib.ini
[2005/09/19 15:42:38 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL
[2005/09/02 16:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/18 00:18:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[2005/06/10 09:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2004/11/18 20:10:42 | 000,014,740 | ---- | C] () -- C:\WINDOWS\MSTMON_Q.INI
[2004/11/18 20:10:42 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.INI
[2004/07/26 09:00:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cviUSI.dll
[2004/07/20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 14:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[1999/11/04 10:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll

========== LOP Check ==========

[2008/03/02 22:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2010/02/12 23:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2007/11/21 16:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/02/18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2009/08/30 16:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/12/24 15:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/08 22:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/10/12 22:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/12/07 22:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/27 23:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\CallingID
[2010/02/18 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\comcasttb
[2006/10/28 06:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\InterVideo
[2006/10/29 19:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Leadertech
[2008/04/24 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\PlayFirst
[2010/02/18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\PPLive
[2008/10/14 21:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\ppstream
[2006/10/28 06:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\Protector Suite
[2009/07/27 21:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hshi.GORANMOBILE\Application Data\SPlayer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/24 18:11:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/24 18:11:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/24 18:11:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/24 18:11:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/01/23 16:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/22 06:01:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/22 06:01:57 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/22 06:01:57 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2009/05/21 20:30:55 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\hshi.GORANMOBILE\My Documents\??.doc) -- C:\Documents and Settings\hshi.GORANMOBILE\My Documents\七妹.doc
[2009/05/21 20:30:54 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\hshi.GORANMOBILE\My Documents\??.doc) -- C:\Documents and Settings\hshi.GORANMOBILE\My Documents\七妹.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
< End of report >

3) Extra.txt ------------------------------------
OTL Extras logfile created on: 3/10/2010 6:56:14 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\SW\malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 10.50 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CDTMOBILE
Current User Name: hshi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe" = C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System -- ()
"C:\Program Files\GridService\peer.exe" = C:\Program Files\GridService\peer.exe:*:Enabled:muse peer -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found
"C:\Program\PPStream\PPStream.exe" = C:\Program\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- File not found
"C:\Program\PPStream\PPSAP.exe" = C:\Program\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- File not found
"C:\Programs\TVAnts\Tvants.exe" = C:\Programs\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Programs\SopCast\adv\SopAdver.exe" = C:\Programs\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\Programs\SopCast\SopCast.exe" = C:\Programs\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found
"C:\Program Files\sina\SAP\SAPlatform.exe" = C:\Program Files\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- (北京新浪网络技术服务有限公司)
"C:\Programs\uusee\UUSeePlayer.exe" = C:\Programs\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programs\iTunes\iTunes.exe" = C:\Programs\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Thunder Network\Xmp\kankan\XMPBoot.exe" = C:\Program Files\Thunder Network\Xmp\kankan\XMPBoot.exe:*:Enabled:??????? -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programs\PPLive\PPVA\PPLiveVA.exe" = C:\Programs\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found
"C:\Programs\PPLive\PPVA\PPLiveVA_U.exe" = C:\Programs\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA -- File not found
"C:\Programs\PPLive\PPVA\FlvPick.exe" = C:\Programs\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick -- File not found
"C:\Programs\PPLive\PPVA\crashreporter.exe" = C:\Programs\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload -- File not found
"C:\Programs\PPLive\PPVA\PPVADownload.exe" = C:\Programs\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download -- File not found
"C:\Programs\PPLive\PPVA\DownloadProgress.exe" = C:\Programs\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- File not found
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01610E8F-5F6A-4D9A-AFC4-3FE1AC19C488}" = NI-653x Support
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{11AE3814-BE69-4934-B256-E918F574340F}" = NI-488.2 2.43
"{12E5279E-4828-48EC-9ED1-CD344787F50F}" = NI LabVIEW 8.0 Examples
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{16850024-A6D4-41AC-905D-0D73EADCBBA0}" = NI LabVIEW 8.0 User.lib
"{1AD77A05-76EC-44CF-940F-799FFFE6C731}" = NI Assistant Framework
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1CD22E87-2EAF-43E9-AB88-362B75FBEE02}" = NI LabVIEW 8.0 MeasAppChm File
"{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation
"{1E37767B-1A94-4FEA-9120-15B3360B6D3A}" = NI-DAQmx OPC Support
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C}" = NI-DAQ INF Files
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A17C05-776A-41A2-900A-ECF81DC14852}" = NI LabVIEW 8.0 iMath
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{265E79C6-B5E9-4556-8F72-518CC2511D26}" = NI-VISA 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26F4D5DD-865B-4A2B-9A36-EE22ACA97331}" = NI-MXDF 1.4.0f0
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{29814AC5-F1CA-45FE-A5C6-5C93A3E9D9B2}" = NI Registration Wizard
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2BD1A5B5-8E98-4E2D-9BE5-D68C57C2FDBE}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C216C29-D74B-4ACF-852A-82C4F3EED2F7}" = Copy
"{3C7B88E1-2C72-44CA-A883-62679DBBA36B}" = NI-DAQmx MAX Support 1.4.0
"{3CD9E7BB-6347-479A-BB0C-0093C1AE6944}" = NI Software Provider for MAX
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424}" = NI LabVIEW Real-Time Error Dialog
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A380B1-4EBC-489F-9A86-689F5BB5E1E8}" = NI DAQ Assistant 1.5.0
"{45F0CC81-BFA7-4E00-8682-8595BA27C114}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{461BB471-0B29-4A85-8B8E-AD0D96F9BD12}" = NI SCXI 1.2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{567DE038-00EF-4C42-8492-3C53B81351BC}" = NI-488.2 Provider for MAX
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5A4A9B77-F0D5-4DF6-9BF9-9BB96562A10D}" = NI LabVIEW 8.0 gMath
"{5A4AC082-8D61-442A-8A86-68869CB9BC80}" = NI MXS 4.0
"{5BCB370B-F341-45DF-BDEF-29E1F1291C2C}" = NI PXI Platform Services for Windows 1.5.1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF}" = NI Remote Provider for MAX
"{5F5E7797-67A8-432C-8319-2D2B2A687AE6}" = NI-DAQmx Documentation
"{60BC5454-0DC9-413a-9241-BAE4231FCD26}" = HP Scanjet 4600
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{6134FECC-3207-42A8-BE11-76F80260E416}" = NI Measurements eXtensions for PAL 1.3.0
"{62DBBC58-6C51-4793-BA66-45012F8BA32C}" = NI LabVIEW Run-Time Engine 7.1.1
"{633A8D0D-46B4-4161-9CFD-BFBE0FF08894}" = NI LabVIEW 8.0 Menus
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{66679848-5EFD-41E7-B06E-179D9ED70040}" = NI-DAQmx - LabVIEW shared documentation
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E06C016-09D6-492A-8804-A6CC41224599}" = NI LabVIEW 8.0 Project
"{6EF3B8BD-7ED2-4E4E-A05F-8F5B2F285A16}" = NI LabVIEW 8.0 VI.lib
"{6F99A160-EF05-4523-94EA-91853B9734FF}" = HP Designjet 500 - 800 series
"{6FC644ED-B118-4837-AE96-1828FC400E56}" = NI OPC Support
"{7107A761-B2F7-4BB0-84DA-CD90B562A72D}" = Director
"{722AA6BA-DDCD-4D6B-A153-4F14F8EFE8AF}" = NI-VISA Runtime 3.4.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7413D055-3B56-4C73-99C8-47F741C69CA9}" = NI-VISA MAX Provider 3.4.1
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774892EA-B255-4ED8-9678-16578B63E6AE}" = NI LabVIEW 8.0 Help File
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7C11F7B1-C286-4FA0-AD3D-1FB38BAA8986}" = NI LabVIEW 8.0
"{7E6ADD85-305E-43AC-9ADA-E9A931D59A33}" = NI Spy 2.3.2
"{7F7E92E4-A60C-4A6C-9D57-D04E577B8B20}" = NI LabVIEW 8.0 Help
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{85BA7798-BFDB-4A26-99E1-1D685DD70D6C}" = NI Variable Engine
"{8601B1C8-3A99-4E70-A9AE-0F08E657D687}" = NI Logos LabVIEW 8.0 Support
"{8769A3F3-6CD2-4C87-AEF3-F4D016EE7D56}" = NI LabVIEW 8.0 Resource
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87C45EA9-AD01-4F41-BAED-FA34DBFDF602}" = NI LabVIEW 8.0 CINtools
"{87F64F82-D571-4F51-A8FA-A36C273BA3C7}" = NI-PAL 1.10.0f0
"{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A78D7F3-6D9F-4616-B813-4A7BF5495809}" = NI-DAQmx support for LabVIEW
"{8AB1D901-D67B-4827-B7BD-CA048D2E4769}" = NI Fusion Standard Library
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BAAFEB7-7DFD-47CE-978A-2B64E66F0C32}" = NI Example Finder 8.0
"{8C271AA1-EABD-4057-84D6-302C86A95E1A}" = NI DataSocket 4.3.0
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92E160E5-0C7A-4DDA-9285-4B307547766D}" = NI-DAQmx Switch Core 1.6.0
"{92E975F4-D3C2-4F27-8CF8-5510D02AAEEF}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B114692-442E-46C7-8F01-797BF434024B}" = NI STC 1.2.0
"{9C3C2CC1-94E5-469E-98B7-A74125CC5827}" = NI Common Digital 1.2.0
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE980C5-926C-4BE0-B3CA-F18A3455FF1A}" = NI Timing 1.5.0
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F6D6471-32F4-4583-960D-4FC956D0A04B}" = NI Portable Configuration
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FFBB61F-4B1B-421C-8F34-7340458ED6B7}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A0F8DADB-5454-477E-A2A2-5725ACE22AD2}" = NI Variable Engine LabVIEW 8.0 Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A10A14F5-DF18-4151-9EB0-B79ABBFE6863}" = WebReg
"{A17F7304-F24C-4401-9B73-C0957C13AF14}" = NI LabVIEW 8.0 Applibs
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2AA1890-14B4-4252-A17E-7A338BC42D88}" = NI-DIM 1.3.0f0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{A9A281C2-EF84-4EB5-8D3D-0E23DDDFC3D7}" = NI LabVIEW 8.0 WWW
"{A9C61320-FA84-4B54-AEAA-3BEFE95B6FA8}" = NI LabWindows/CVI 7.0 Code Generator
"{AA8D8A7B-4606-420E-9FE9-E4C77B200857}" = NI Measurement & Automation Explorer 4.0
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AB7F05AC-F4CF-4355-8BB8-C3D443E1D2AF}" = NI Calibration Provider for MAX
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{ADF6F323-5E7A-4EE5-A86F-136A2BF5474B}" = NI Variable Manager
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B1AA8556-7F80-4F7B-8F6B-2E69D0C96298}" = Traditional NI-DAQ Documentation
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3428FFA-367B-46B6-AFAF-34A63C77BAEE}" = NI-DAQ C and VB6 API
"{B3A667C2-66F2-41FA-94CA-B5DD9A6F3380}" = Traditional NI-DAQ 7.4.1 (Legacy)
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B43543B0-1B58-45DF-94E2-669B1EF9D251}" = NI-ORB 1.3.0f2
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B6D4C963-742C-46BF-BC7A-16ADD39FF3B7}" = Destinations
"{B8666F62-DA19-4F46-AF6E-723CF9C58EB7}" = NI LabVIEW 8.0 Manuals
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BBD2F68D-97FD-48CF-93BC-9E9C24B2B016}" = NI Logos 4.6
"{BCBFC045-973F-4318-9607-B089E226AFF8}" = NI LabVIEW 8.0 Templates
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5}" = NI-MDBG 1.3.0f0
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C5078C26-8B75-411D-9806-27E2BBD61DF6}" = NI Remote PXI Provider for MAX
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDA8101D-ED9E-4C41-BF54-48F12908CA3A}" = NI-VISA Server 3.4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D53330AD-A8BF-44D8-A955-C28753057FA8}" = NI LabVIEW 8.0 Activity
"{D573DEA6-782D-4032-998D-18DA272DA38F}" = NI LabVIEW Run-Time Engine 7.0
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D75DA63A-6403-4268-AB34-90134DDF65D5}" = NI MIO Device Drivers 1.7.0
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D92D5431-B36E-498A-9E7B-521E53C8825A}" = NI-DAQmx 8.0
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB4663C6-2E47-4B46-AD39-52F546D53809}" = NI-MRU 2.4.0f0
"{DCC0C029-6D20-4243-A9A9-8EFE451DF5F9}" = NI_Acquisition_4_6_2_8
"{DEBA0D04-418C-4791-BF2D-046ED28B13D0}" = NI-DAQmx DSA Support 1.5.0
"{DEF321A1-6E28-49A1-A5EC-DB79E647E51F}" = NI-DAQ Document Set
"{DFC7D9F7-892A-489C-9B15-0211D63EAC44}" = NI LabVIEW 8.0 Instr.lib
"{E09FA6F2-FC66-4AA5-AE52-F37C6EAACC81}" = hpg4600
"{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0
"{E7CDB32A-128D-49DB-BF7F-1E96EA636D88}" = NI PXI Platform Services Provider for MAX 1.5.1
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.20
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E889F95A-B9E3-4580-B3D7-43DBC9C9CD43}" = TrayApp
"{ED1617B8-98F7-412A-9502-BB9607CE17C3}" = NI Instrument I/O Assistant
"{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}" = Fingerprint Tutorial
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2FC4CA5-BC77-4118-BC84-1542BF2EE06B}" = NI-DAQ Provider for MAX
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6D24DE1-6894-452D-A714-FDA0929714EC}" = TPM Tutorial
"{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C Interface
"{FB6DF036-C3A7-4A89-92DA-B4364A8E9373}" = NI License Manager
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"comcasttb" = Comcast Toolbar 3.0
"CSCLIB" = Canon Camera Support Core Library
"ERUNT_is1" = ERUNT 1.1j
"FFdshow_is1" = FFdshow [2006-08-03 | rev 2546]
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.6" = MiKTeX 2.6
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTI ModelSim XE III 6.2c Deinstall Key" = ModelSim XE III 6.2c
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Product_Name" = XSTOOLs
"ProInst" = Intel® PROSet/Wireless Software
"R for Windows 2.7.1_is1" = R for Windows 2.7.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sina Web TV" = Sina Web TV
"Sony Ericsson Wireless Modem" = Sony Ericsson Wireless Modem
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VSFilter" = VSFilter 2.39
"Web Games Player Plugin" = Web Games Player Plugin
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilinx ISE 9.2i" = Xilinx ISE 9.2i
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2010 5:27:31 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x001b0f43
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x001b0f43 Thread = UpdateStats


Error - 3/8/2010 5:27:33 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x001b0f43
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x001b0f43 Thread = UpdateStats


Error - 3/8/2010 5:27:35 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x001b0f43
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x001b0f43 Thread = UpdateStats


Error - 3/8/2010 5:42:24 PM | Computer Name = CDTMOBILE | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.12.1741, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 6:02:38 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00c80f1f
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00c80f1f Thread = UpdateStats


Error - 3/8/2010 6:02:40 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00da0109
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00da0109 Thread = UpdateStats


Error - 3/8/2010 6:02:42 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 3/8/2010 6:02:42 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x027800ed
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x027800ed Thread = UpdateStats


Error - 3/8/2010 6:02:44 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x027800ed
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x027800ed Thread = UpdateStats


Error - 3/8/2010 6:02:46 PM | Computer Name = CDTMOBILE | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x027800ed
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x027800ed Thread = UpdateStats


[ System Events ]
Error - 2/28/2010 7:21:11 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/1/2010 2:34:47 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/1/2010 2:35:20 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/1/2010 2:36:30 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/1/2010 2:36:30 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/1/2010 2:38:45 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/1/2010 2:42:48 PM | Computer Name = CDTMOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/7/2010 7:26:29 PM | Computer Name = CDTMOBILE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 87935814.

Error - 3/8/2010 12:18:53 PM | Computer Name = CDTMOBILE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 155.246.250.202
on the Network Card with network address 0013A92B9577.

Error - 3/9/2010 11:30:26 AM | Computer Name = CDTMOBILE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 f904f00c.


< End of report >

#8
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi hyshi,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell - "" = AutoRun
    O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7dba3514-f55d-11de-a04e-0013a92b9577}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8cb9820a-a761-11dc-9d57-0013a92b9577}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
    O33 - MountPoints2\{8cb9820d-a761-11dc-9d57-0013a92b9577}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- File not found
    [2010/02/28 15:04:23 | 000,013,836 | -HS- | M] () -- C:\Documents and Settings\hshi.GORANMOBILE\Local Settings\Application Data\MVkXhU7
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

#9
hyshi

hyshi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi mpascal,

After running the code for OTL, MBAM and Kaspersky didn't find any malware. Here are the logs.

1) MBAM log --------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3859
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/12/2010 10:53:28 AM
mbam-log-2010-03-12 (10-53-28).txt

Scan type: Quick Scan
Objects scanned: 147946
Time elapsed: 17 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2) Kaspersky log---------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, March 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, March 12, 2010 11:28:18
Records in database: 3777294
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 270901
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:22:12

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0
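An added example, not part of the thread: a helper reviewing a pasted MBAM log like the one in reply #9 can check mechanically that the top portion (product version, database version, operating system) is present and that each summary count agrees with its detail section. The function names are hypothetical, and the layout is assumed to be the MBAM 1.x text format shown above; the sample log is constructed to match it.

```python
import re

CATEGORIES = ["Memory Processes", "Memory Modules", "Registry Keys",
              "Registry Values", "Registry Data Items", "Folders", "Files"]
CLEAN = "(No malicious items detected)"

def check_mbam_log(text):
    """Return (problems, total_infected) for a pasted MBAM 1.x text log."""
    lines = [ln.strip() for ln in text.splitlines()]
    problems = []
    # The helper asked for the top portion: product, database version, OS.
    if not any(ln.startswith("Malwarebytes' Anti-Malware") for ln in lines):
        problems.append("missing product/version line")
    if not any(re.fullmatch(r"Database version: \d+", ln) for ln in lines):
        problems.append("missing database version")
    if not any(re.match(r"Windows \d+\.\d+\.\d+", ln) for ln in lines):
        problems.append("missing operating system line")
    total = 0
    for cat in CATEGORIES:
        head = f"{cat} Infected:"
        # The summary line carries a count, e.g. "Files Infected: 0".
        summary = [int(m.group(1)) for ln in lines
                   if (m := re.fullmatch(re.escape(head) + r" (\d+)", ln))]
        if not summary:
            problems.append(f"no summary count for {cat}")
            continue
        total += summary[0]
        # The detail section is the bare heading followed by items or CLEAN.
        if head not in lines:
            problems.append(f"no detail section for {cat} (log truncated?)")
            continue
        items = []
        for ln in lines[lines.index(head) + 1:]:
            if not ln:
                break
            items.append(ln)
        listed = 0 if items == [CLEAN] else len(items)
        if listed != summary[0]:
            problems.append(f"{cat}: summary says {summary[0]}, section lists {listed}")
    return problems, total

def make_sample(header=True, details=True):
    """Constructed sample shaped like the clean log in reply #9."""
    top = ["Malwarebytes' Anti-Malware 1.44", "Database version: 3859",
           "Windows 5.1.2600 Service Pack 3", ""] if header else []
    summary = [f"{c} Infected: 0" for c in CATEGORIES] + [""]
    body = [ln for c in CATEGORIES for ln in (f"{c} Infected:", CLEAN, "")]
    return "\n".join(top + summary + (body if details else []))
```

An empty problem list with a total of 0 corresponds to the complete, clean log posted above; a paste that lost its header or its detail sections is flagged instead of being read as clean.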

#10
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Are you still getting the rundll error?
  • 0



#11
hyshi

hyshi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
No, at least the utility that gave me that error is working now.
  • 0

#12
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi hyshi,

Congratulations! Your system appears to be malware free once again!

We just have a couple of things to take care of, then you should be good to go. :)

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.
STEP 2 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal
  • 0

#13
hyshi

hyshi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi mpascal,

That's good news.

Just to verify, the first step appears to be blank for OTL. Is that what you want me to run?

Thanks a lot.
  • 0

#14
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Just those two lines are all you need to run.
  • 0

#15
hyshi

hyshi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Somehow Firefox didn't show the two lines. I switched to IE and it shows. Now after those two steps, Firefox can show those lines again. Interesting.

Thank you very much for helping me. :)
I'll follow your suggestions, and remember to update McAfee once in a while.

hyshi
  • 0





