Google Redirect Virus [Closed]

This topic is locked

#1 fullofsmerch (Member, 16 posts)
Hi, my computer has recently been infected by the Google redirect virus. Below are the MBAM log and the OTL log. I tried to run GMER, but my computer blue-screened on me. Help would be greatly appreciated; thanks in advance!

www.malwarebytes.org

Database version: 4221

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2010 5:44:21 PM
mbam-log-2010-06-21 (17-44-21).txt

Scan type: Quick scan
Objects scanned: 137625
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by fullofsmerch, 21 June 2010 - 09:51 PM.

#2 fullofsmerch (Topic Starter, Member, 16 posts)
OTL logfile created on: 6/21/2010 7:09:41 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Frances Huang\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.00 Mb Total Physical Memory | 234.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 56.44 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCESHUANG
Current User Name: Frances Huang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
PRC - [2010/04/01 01:41:05 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/06/17 15:17:06 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/09/18 18:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 000,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2007/05/03 13:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2005/09/21 20:14:09 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/07/30 08:33:44 | 000,286,720 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2004/05/26 10:15:42 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/22 19:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon05.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
MOD - [2008/09/19 08:28:44 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/05/26 10:15:36 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Moypl94cces)
SRV - [2010/05/15 22:16:54 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2009/06/17 15:17:06 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/11/15 22:36:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - [2009/06/17 15:02:04 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2008/07/28 15:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - [2008/07/28 15:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - [2006/06/11 18:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2006/04/21 00:36:10 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/21 00:31:15 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/08/04 01:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga)
DRV - [2004/06/28 10:06:26 | 000,061,840 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\GTwinUSB.sys -- (GTwinUSB)
DRV - [2004/05/26 10:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/04/29 07:10:00 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 07:09:00 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/04/27 08:03:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\EABFiltr.sys -- (eabfiltr)
DRV - [2004/03/22 09:27:30 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51) Intel®
DRV - [2004/03/10 04:40:00 | 000,199,552 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 04:37:00 | 000,682,624 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 04:35:00 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/18 21:14:52 | 000,360,832 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tnet1130.sys -- (TNET1130)
DRV - [2003/11/07 03:45:52 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\eabusb.sys -- (eabusb)
DRV - [2001/08/17 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 00:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA)
DRV - [2001/01/22 15:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\System32\zntport.sys -- (zntport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.6.0.15


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 14:17:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 01:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/05/29 18:39:24 | 000,000,000 | ---D | M]

[2008/09/07 18:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Extensions
[2010/06/20 20:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions
[2010/05/04 21:30:26 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/11/15 21:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\[email protected]
[2010/04/21 12:07:48 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\FireFox\Profiles\46eexu6j.default\searchplugins\conduit.xml
[2010/06/20 20:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/06 09:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll

O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish....fishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Frances Huang\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frances Huang\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{165c8160-6c2e-11dd-ad18-00c09f6d43eb}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{69365450-28b1-11de-ae3d-00c09f6d43eb}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDEULA.exe -- File not found
O33 - MountPoints2\{75014390-e854-11dd-adc8-00c09f6d43eb}\Shell - "" = AutoRun
O33 - MountPoints2\{75014390-e854-11dd-adc8-00c09f6d43eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75014390-e854-11dd-adc8-00c09f6d43eb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e570350-ad43-11dd-ad85-00c09f6d43eb}\Shell - "" = AutoRun
O33 - MountPoints2\{9e570350-ad43-11dd-ad85-00c09f6d43eb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e570350-ad43-11dd-ad85-00c09f6d43eb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b68939e0-e76e-11dd-adc7-00c09f6d43eb}\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/05/03 21:10:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/06/21 18:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Desktop\SysRestorePoint_v13
[2010/06/21 17:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Desktop\gmer
[2010/06/21 17:41:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
[2010/06/21 17:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 17:24:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/21 16:58:17 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\TFC.exe
[2010/06/21 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\Malwarebytes
[2010/06/21 11:03:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 11:02:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 11:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 11:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/29 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\ESET
[2010/05/29 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\ESET
[2010/05/29 18:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/05/29 18:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/29 18:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/27 00:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/27 00:18:10 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/05/27 00:17:20 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/05/16 12:01:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/16 11:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/16 11:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/16 11:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/16 11:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/16 11:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/16 11:02:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/16 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/15 22:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/15 22:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\IObit
[2010/04/21 21:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\.CAS
[2010/04/11 14:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Desktop\tutor
[2010/04/09 23:04:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Frances Huang\My Documents\My Data Sources
[2010/04/04 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/03/24 20:33:50 | 000,055,232 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys

========== Files - Modified Within 90 Days ==========

[2010/06/21 18:31:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/21 18:30:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 18:30:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 18:30:26 | 770,166,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
[2010/06/21 17:27:39 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\NTREGOPT.lnk
[2010/06/21 17:27:39 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\ERUNT.lnk
[2010/06/21 17:24:07 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Frances Huang\NTUSER.DAT
[2010/06/21 17:00:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Frances Huang\ntuser.ini
[2010/06/21 16:58:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\TFC.exe
[2010/06/21 11:33:00 | 013,359,466 | -H-- | M] () -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\IconCache.db
[2010/06/21 11:03:04 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/17 15:47:46 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 22:50:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\partinggift.doc
[2010/06/12 18:35:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2010/06/12 10:25:10 | 001,673,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 03:19:58 | 000,000,765 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 03:18:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 22:24:46 | 366,767,106 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\glee1_22.avi
[2010/05/29 19:28:34 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/05/29 17:50:17 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2010/05/29 17:28:37 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/05/27 00:18:49 | 000,110,421 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/05/25 13:14:15 | 000,419,840 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Doc1.doc
[2010/05/21 11:30:00 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\ClerkIISupplementalQues.doc
[2010/05/16 12:04:02 | 000,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 12:04:02 | 000,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 12:04:02 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 12:00:07 | 000,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd3613.sys
[2010/05/16 11:11:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 11:08:38 | 000,044,055 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/16 10:40:43 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/15 22:02:45 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/10 22:16:04 | 000,263,680 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\CM2006 Carbonyl Lec8.doc
[2010/05/09 22:17:11 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Microsoft Word.lnk
[2010/05/02 00:45:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/01 17:47:14 | 000,181,510 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\volunteer-application-503HI08.pdf
[2010/05/01 17:47:05 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\hepbvolunteer.doc
[2010/05/01 17:20:53 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Hep-TEV_Training_Application_2010.doc
[2010/05/01 16:19:05 | 002,646,235 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\lancet1965.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 01:28:49 | 000,395,855 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\download.pdf
[2010/03/26 18:19:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\apts.doc
[2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys

========== Files Created - No Company Name ==========

[2010/06/21 17:27:39 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\NTREGOPT.lnk
[2010/06/21 17:27:39 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\ERUNT.lnk
[2010/06/21 11:03:04 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/12 22:50:53 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\partinggift.doc
[2010/06/12 16:17:33 | 366,767,106 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\glee1_22.avi
[2010/05/29 19:28:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/05/29 17:28:37 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/05/27 00:17:41 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/27 00:17:34 | 000,110,421 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/27 00:17:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/05/27 00:17:09 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/05/25 13:14:15 | 000,419,840 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\Doc1.doc
[2010/05/21 11:26:27 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\ClerkIISupplementalQues.doc
[2010/05/16 11:09:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/16 11:06:12 | 000,044,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/16 10:40:43 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/15 22:02:45 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/10 22:16:03 | 000,263,680 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\CM2006 Carbonyl Lec8.doc
[2010/05/01 17:47:14 | 000,181,510 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\volunteer-application-503HI08.pdf
[2010/05/01 17:20:53 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\Hep-TEV_Training_Application_2010.doc
[2010/05/01 16:19:05 | 002,646,235 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\lancet1965.pdf
[2010/04/06 22:44:44 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\hepbvolunteer.doc
[2010/04/06 01:28:49 | 000,395,855 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\download.pdf
[2010/03/26 18:19:02 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\apts.doc
[2009/03/29 04:17:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/01 18:00:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SM2570CI.dll
[2008/09/01 17:59:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ml2570ci.dll
[2007/03/09 19:16:18 | 000,333,824 | ---- | C] () -- C:\WINDOWS\System32\dcrawlib.dll
[2007/03/04 04:40:43 | 000,000,752 | ---- | C] () -- C:\WINDOWS\AnimatorDV.INI
[2007/01/06 00:10:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/07/29 14:40:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/29 14:40:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/29 14:40:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/29 14:40:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/29 14:40:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/29 14:40:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/05 15:29:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/22 15:28:34 | 000,000,129 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/04/21 00:36:10 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/04/21 00:31:15 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/04/21 00:31:15 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3613.sys
[2006/03/17 17:21:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/09/09 17:30:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/09 17:26:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/09/04 22:53:06 | 000,002,686 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/03 22:09:02 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/04 11:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/08/07 06:39:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:30:20 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/09 04:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/03 23:28:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/03 23:21:40 | 000,000,894 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/03 23:09:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 23:00:00 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/12/20 19:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/07/01 23:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/05/29 22:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2008/04/23 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/05/24 21:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/11/18 23:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/05/29 18:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/16 10:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/06/16 17:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2010/05/16 11:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 20:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/07 21:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/20 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\acccore
[2005/06/16 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Aim
[2009/07/01 23:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\AT&T
[2009/07/05 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\ATTToolbar
[2007/06/23 18:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Audacity
[2010/05/15 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Azureus
[2009/05/24 21:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\blg
[2009/11/18 23:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\DC++
[2010/05/29 18:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\ESET
[2007/10/06 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\fltk.org
[2010/06/17 13:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Fomyu
[2007/08/15 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Gamelab
[2005/07/10 21:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\InterVideo
[2010/05/29 17:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\IObit
[2006/03/27 20:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Netscape
[2006/12/25 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\NJStar
[2006/01/10 04:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Snapfish
[2008/10/13 02:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Template
[2007/10/06 23:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Third Wish Software and Animation
[2010/05/15 22:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\uTorrent
[2010/06/16 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Zyab
[2010/05/29 19:28:34 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/15 23:28:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/01/09 16:41:39 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2005/08/13 21:55:12 | 000,000,509 | ---- | M] () -- C:\graaace.lnk
[2010/06/21 18:30:26 | 770,166,784 | -HS- | M] () -- C:\hiberfil.sys
[2005/04/04 11:49:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/10/14 00:56:33 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2008/12/20 19:01:35 | 000,001,466 | -H-- | M] () -- C:\IPH.PH
[2006/06/20 17:19:48 | 001,556,480 | ---- | M] () -- C:\Loader.exe
[2007/04/19 01:42:44 | 000,000,000 | ---- | M] () -- C:\MediaSent.mpg
[2005/04/04 11:49:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 01:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/05/16 11:11:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/21 18:30:25 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/04/20 22:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD58.DLL
[2003/04/20 22:00:00 | 000,048,128 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP58.DLL
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/06 23:05:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 23:05:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 23:05:54 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"RescheduleWaitTime" = 15
"NoAutoRebootWithLoggedOnUsers" = 1
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5EADA0D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
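The OTL output above is raw data; what a responder actually does with it is run a few mechanical checks over the lines before reading them by hand. The following Python is an added example for this thread, not OTL's own code and not part of the original post. It parses a constructed sample of lines copied verbatim from the logs here (file entries and alternate-data-stream lines from this post, plus firewall exception entries from the OTL Extras log in the next post) and reports: named alternate data streams, drivers under System32\drivers that carry no company name, hidden+system files in the drive root that are not expected boot files, profile folders under Application Data that are not on a vendor allow-list, firewall profiles with EnableFirewall = 0, and port exceptions whose scope is `*` (any address). The vendor allow-list and the expected-root-file set are assumptions of the example, not something the page supplies; they only decide what gets surfaced for manual review, they do not declare anything malicious.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's code)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# [date | size | attrs | M/C] (company) MD5=... -- path   (company and MD5 are optional)
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-F]{32}) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<name>.*)$"
)
FW_RE = re.compile(r'^"EnableFirewall" = (?P<value>\d)$')

# Files that legitimately carry hidden/system attributes in the root of an XP system drive.
EXPECTED_ROOT_HS = {"ntldr", "ntdetect.com", "boot.ini", "io.sys", "msdos.sys",
                    "pagefile.sys", "hiberfil.sys"}
# Hypothetical allow-list for the LOP check; extend it with vendors you recognise on the box.
KNOWN_APPDATA_DIRS = {"microsoft", "mozilla", "adobe", "eset", "iobit", "azureus", "utorrent"}


def _check_file(m):
    """Rules for one parsed file/directory entry."""
    path, attrs, company = m["path"], m["attrs"], (m["company"] or "")
    parent, _, name = path.rpartition("\\")
    parent, name = parent.lower(), name.lower()
    out = []
    if name.endswith(".sys") and parent.endswith("\\drivers") and not company:
        out.append(Finding("driver-no-company", f"{path} has no company name"))
    in_root = re.fullmatch(r"[a-z]:", parent) is not None
    if in_root and "H" in attrs and "S" in attrs and name not in EXPECTED_ROOT_HS:
        out.append(Finding("hidden-system-in-root", f"{path} ({attrs})"))
    if "D" in attrs and parent.endswith("\\application data") and name not in KNOWN_APPDATA_DIRS:
        out.append(Finding("unknown-appdata-dir", f"{path} not on allow-list; review manually"))
    return out


def triage(log_text):
    """Return a list of Finding records for the OTL-style lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", f"{m['path']} carries stream {m['stream']} ({m['size']} bytes)"))
            continue
        m = PORT_RE.match(line)
        if m:
            if m["state"] == "Enabled" and m["scope"] == "*":
                findings.append(Finding("open-port-any-scope",
                                        f"{m['port']}/{m['proto']} ({m['name']}) open to any address"))
            continue
        m = FW_RE.match(line)
        if m and m["value"] == "0":
            findings.append(Finding("firewall-disabled", "EnableFirewall = 0 in this profile"))
    return findings


# Constructed sample: lines copied from the OTL and OTL Extras logs in this thread.
SAMPLE_LOG = r"""
[2010/05/16 11:11:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/04/21 00:31:15 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/17 13:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Fomyu
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"EnableFirewall" = 0
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"139:TCP" = 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
"65533:TCP" = 65533:TCP:*:Enabled:Services
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```

Feed it the whole pasted log rather than the sample and the output is a short worklist: streams to dump, drivers to hash and look up, an unexpected profile folder to inspect, and the firewall entries that matter because a port exception scoped to `*` reaches every address, not just the local subnet like the 128.32.30.64/27 entries.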

#3
fullofsmerch (Topic Starter)
OTL Extras logfile created on: 6/21/2010 7:09:41 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Frances Huang\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.00 Mb Total Physical Memory | 234.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 56.44 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCESHUANG
Current User Name: Frances Huang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8224:TCP" = 8224:TCP:*:Enabled:Services
"8225:TCP" = 8225:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3612:TCP" = 3612:TCP:*:Enabled:Services
"5724:TCP" = 5724:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"10383:TCP" = 10383:TCP:*:Enabled:Foxy (169.254.174.206:10383) 10383 TCP
"10383:UDP" = 10383:UDP:*:Enabled:Foxy (169.254.174.206:10383) 10383 UDP
"139:TCP" = 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
"137:TCP" = 137:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-137:TCP
"445:TCP" = 445:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22005
"23:TCP" = 23:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-23:TCP
"25:TCP" = 25:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-25:TCP
"80:TCP" = 80:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-80:TCP
"20:TCP" = 20:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-20:TCP
"21:TCP" = 21:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-21:TCP
"113:TCP" = 113:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-113:TCP
"443:TCP" = 443:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-443:TCP
"1025:TCP" = 1025:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-1025:TCP
"135:UDP" = 135:UDP:128.32.30.64/255.255.255.224:Enabled:SNS-135:UDP
"137:UDP" = 137:UDP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22001
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8224:TCP" = 8224:TCP:*:Enabled:Services
"8225:TCP" = 8225:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3612:TCP" = 3612:TCP:*:Enabled:Services
"5724:TCP" = 5724:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Iometer.org\Iometer 2006.07.27\Iometer.exe" = C:\Program Files\Iometer.org\Iometer 2006.07.27\Iometer.exe:*:Enabled:Iometer Control/GUI -- (Intel Corporation)
"C:\Program Files\Iometer.org\Iometer 2006.07.27\Dynamo.exe" = C:\Program Files\Iometer.org\Iometer 2006.07.27\Dynamo.exe:*:Enabled:Iometer Workload Generator -- (Intel Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Frances Huang\Desktop\games\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe" = C:\Documents and Settings\Frances Huang\Desktop\games\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 B3
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E600A3D5-3552-48A4-9F99-C75E4C4065F9}" = MacGAMUT 6
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}" = WD Drive Manager (x86)
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AMA" = AutoCAD 2000 Migration Assistance
"AOL Instant Messenger" = AOL Instant Messenger
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Be Secure 2008" = Be Secure 2008
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Conexant PCI Audio" = Conexant AC-Link Audio
"DC++" = DC++ 0.750
"[email protected]" = [email protected] 1.2.3.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"Final Fantasy VII" = Final Fantasy VII
"Final Fantasy VII XP Patch" = Final Fantasy VII XP Patch
"Focus on Fundamentals_is1" = Focus on Fundamentals 9e
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InterActual Player" = InterActual Player
"IObit Security 360_is1" = IObit Security 360
"MagpiePro2_is1" = Magpie Pro
"Mah Jong Tiles Deluxe" = Mah Jong Tiles Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MavisBeacon9" = Mavis Beacon Teaches Typing 9.0.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NJStar Chinese WP" = NJStar Chinese WP
"PCFriendly" = PCFriendly
"PhotoRecord" = Canon PhotoRecord
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Samsung ML-2570 Series" = Samsung ML-2570 Series
"Skype_is1" = Skype 2.0
"Smart Defrag_is1" = Smart Defrag
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Stop Motion Pro v5.1 Educational/Junior_is1" = Stop Motion Pro v5.1 Educational/Junior
"Stop Motion Pro v5.1 Trial_is1" = Stop Motion Pro v5.1 Trial
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2010 2:06:12 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 2:06:12 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 2:07:19 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 2:07:19 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 2:09:27 PM | Computer Name = FRANCESHUANG | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/16/2010 3:03:46 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 3:03:46 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 3:03:46 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 5/16/2010 3:03:46 PM | Computer Name = FRANCESHUANG | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 6/21/2010 9:29:29 PM | Computer Name = FRANCESHUANG | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

[ Cisco AnyConnect VPN Client Events ]
Error - 5/4/2010 8:23:55 PM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/9/2010 4:20:12 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/9/2010 2:50:45 PM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/9/2010 2:50:45 PM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 5/15/2010 6:41:15 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/17/2010 4:20:24 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 5/19/2010 4:11:27 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 6/5/2010 5:38:22 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 6/5/2010 5:38:22 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 6/17/2010 3:35:10 AM | Computer Name = FRANCESHUANG | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 6/21/2010 9:30:45 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 6/21/2010 9:30:45 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 6/21/2010 9:30:45 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80.DLL. Reference error message: The operation completed successfully.
.

Error - 6/21/2010 9:30:52 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 6/21/2010 9:30:52 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 6/21/2010 9:30:52 PM | Computer Name = FRANCESHUANG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80.DLL. Reference error message: The operation completed successfully.
.

Error - 6/21/2010 9:31:01 PM | Computer Name = FRANCESHUANG | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 6/21/2010 9:31:01 PM | Computer Name = FRANCESHUANG | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 6/21/2010 10:10:01 PM | Computer Name = FRANCESHUANG | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 6/21/2010 10:10:01 PM | Computer Name = FRANCESHUANG | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
  • 0

#4
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi fullofsmerch,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

  • 0

#5
fullofsmerch

fullofsmerch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for your help!

21:53:11:173 3796 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:53:11:173 3796 ================================================================================
21:53:11:173 3796 SystemInfo:

21:53:11:173 3796 OS Version: 5.1.2600 ServicePack: 3.0
21:53:11:173 3796 Product type: Workstation
21:53:11:173 3796 ComputerName: FRANCESHUANG
21:53:11:173 3796 UserName: Frances Huang
21:53:11:173 3796 Windows directory: C:\WINDOWS
21:53:11:173 3796 Processor architecture: Intel x86
21:53:11:173 3796 Number of processors: 1
21:53:11:173 3796 Page size: 0x1000
21:53:11:183 3796 Boot type: Normal boot
21:53:11:183 3796 ================================================================================
21:53:12:175 3796 Initialize success
21:53:12:175 3796
21:53:12:175 3796 Scanning Services ...
21:53:12:685 3796 Raw services enum returned 349 services
21:53:12:695 3796
21:53:12:695 3796 Scanning Drivers ...
21:53:13:446 3796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:53:13:486 3796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:53:13:536 3796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:53:13:607 3796 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:53:13:637 3796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:53:13:697 3796 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:53:13:727 3796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:53:13:787 3796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:53:13:807 3796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:53:13:837 3796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:53:13:877 3796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:53:13:897 3796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:53:13:967 3796 CAMCAUD (5a94e9d6e2716e38183959d8f4c2a5a9) C:\WINDOWS\system32\drivers\camcaud.sys
21:53:13:997 3796 CAMCHALA (e7e737bc125d6beb50669ff4b61ced19) C:\WINDOWS\system32\drivers\camchal.sys
21:53:14:037 3796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:53:14:077 3796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:53:14:097 3796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:53:14:117 3796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:53:14:157 3796 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:53:14:187 3796 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:53:14:288 3796 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
21:53:14:308 3796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:53:14:358 3796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:53:14:448 3796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:53:14:478 3796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:53:14:518 3796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:53:14:548 3796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:53:14:598 3796 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:53:14:598 3796 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
21:53:14:648 3796 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
21:53:14:678 3796 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
21:53:14:728 3796 eamon (b7b3fbc5591358b89955c4189970269e) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:53:14:788 3796 ehdrv (a6823c79f80c1a76ab7f3f1f425e524c) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:53:14:818 3796 epfw (c5c747ba9de4a5e3505e55cf1a1691d6) C:\WINDOWS\system32\DRIVERS\epfw.sys
21:53:14:838 3796 Epfwndis (032ee036530a5cfb2c403ab42107f9e1) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
21:53:14:868 3796 epfwtdi (93adbe06d968e885bfe0cc0ba5ac113d) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
21:53:14:908 3796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:53:14:949 3796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:53:14:979 3796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:53:14:999 3796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:53:15:029 3796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:53:15:059 3796 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:53:15:089 3796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:53:15:109 3796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:53:15:169 3796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:53:15:209 3796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:53:15:229 3796 GTwinUSB (5758a9441e23fb1e6b45f1855848e6a0) C:\WINDOWS\system32\Drivers\GTwinUSB.sys
21:53:15:259 3796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:53:15:319 3796 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:53:15:379 3796 HSFHWICH (eecf0c3b62040f26c62b6579794c702e) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
21:53:15:439 3796 HSF_DP (4683b5d9566b8653d4580c407c8d0fbc) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:53:15:529 3796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:53:15:650 3796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:53:15:700 3796 ialm (20d7e1e0a3c3ce12769428d4236b1ba1) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:53:15:720 3796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:53:15:760 3796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:53:15:800 3796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:53:15:820 3796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:53:15:840 3796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:53:15:870 3796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:53:15:900 3796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:53:15:940 3796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:53:15:980 3796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:53:16:000 3796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:53:16:010 3796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:53:16:030 3796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:53:16:080 3796 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
21:53:16:120 3796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:53:16:160 3796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:53:16:230 3796 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:53:16:250 3796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:53:16:280 3796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:53:16:300 3796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:53:16:351 3796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:53:16:371 3796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:53:16:681 3796 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:53:17:031 3796 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:53:17:062 3796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:53:17:152 3796 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:53:17:172 3796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:53:17:202 3796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:53:17:222 3796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:53:17:252 3796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:53:17:302 3796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:53:17:322 3796 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:53:17:342 3796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:53:17:402 3796 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:53:17:462 3796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:53:17:502 3796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:53:17:542 3796 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:53:17:552 3796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:53:17:602 3796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:53:17:662 3796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:53:17:682 3796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:53:17:722 3796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:53:17:773 3796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:53:17:793 3796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:53:17:803 3796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:53:17:823 3796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:53:17:843 3796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:53:17:863 3796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:53:17:903 3796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:53:17:933 3796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:53:17:963 3796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:53:17:993 3796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:53:18:233 3796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:53:18:253 3796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:53:18:273 3796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:53:18:313 3796 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:53:18:403 3796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:53:18:444 3796 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:53:18:494 3796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:53:18:514 3796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:53:18:534 3796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:53:18:564 3796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:53:18:574 3796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:53:18:634 3796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:53:18:664 3796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:53:18:724 3796 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
21:53:18:774 3796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:53:18:804 3796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:53:18:834 3796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:53:18:874 3796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:53:18:914 3796 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:53:18:954 3796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:53:19:024 3796 sptd (dffe1bfebe8debb3a693c13e58debc62) C:\WINDOWS\system32\Drivers\sptd.sys
21:53:19:024 3796 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: dffe1bfebe8debb3a693c13e58debc62
21:53:19:064 3796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:53:19:104 3796 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:53:19:145 3796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:53:19:165 3796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:53:19:355 3796 SynTP (46f01e6abdb16bd643d35242f7f71ca9) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:53:19:405 3796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:53:19:465 3796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:53:19:505 3796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:53:19:545 3796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:53:19:585 3796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:53:19:655 3796 TNET1130 (09ffbc2aa3988f155b4ab700b81070cd) C:\WINDOWS\system32\DRIVERS\tnet1130.sys
21:53:19:715 3796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:53:19:785 3796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:53:19:826 3796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:53:19:886 3796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:53:19:906 3796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:53:19:946 3796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:53:19:986 3796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:53:20:006 3796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:53:20:026 3796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:53:20:046 3796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:53:20:076 3796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:53:20:096 3796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:53:20:146 3796 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys
21:53:20:226 3796 w22n51 (b6cb2cce557ce57c72c3d31e701e6e39) C:\WINDOWS\system32\DRIVERS\w22n51.sys
21:53:20:346 3796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:53:20:396 3796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:53:20:476 3796 winachsf (2a8c145e9e9e63b0071da4f35544ab9d) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:53:20:527 3796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:53:20:597 3796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:53:20:637 3796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:53:20:677 3796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:53:20:727 3796 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\zntport.sys
21:53:20:817 3796 {6080A529-897E-4629-A488-ABA0C29B635E} (887d6363d9d8de694e4b66f0186952d4) C:\WINDOWS\system32\drivers\ialmsbw.sys
21:53:20:847 3796 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (9acbcba2a6d11fb9ada56996b9586752) C:\WINDOWS\system32\drivers\ialmkchw.sys
21:53:20:907 3796 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (dfedb24618117e72d5b5c8f95d877b0b) C:\WINDOWS\system32\drivers\wA301a.sys
21:53:20:907 3796
21:53:20:907 3796 Completed
21:53:20:907 3796
21:53:20:907 3796 Results:
21:53:20:907 3796 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:53:20:907 3796 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:53:20:907 3796
21:53:20:917 3796 KLMD(ARK) unloaded successfully
  • 0
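An added example, not part of this thread and not Kaspersky's own tooling: a small Python parser for the log format that the `-l C:\TDSSKiller.txt` command in mpascal's instructions writes and that fullofsmerch posted above. It pulls out every driver TDSSKiller enumerated (name, md5, path), attaches any "Suspicious file" reason to the matching driver, reads the final infected/cured counters, and then splits the flagged drivers into ones an operator already expects to be unreadable and ones that need a look. The sample log, its md5 values and the `example_driver` entry are constructed; the `expected_unreadable` allow-list is an assumption the operator supplies (in the real log above, sptd.sys, the SPTD layer used by disc-emulation software, is flagged NoAccess, a tag that driver commonly earns because it protects its own file, and the scan's own counters still read 0 infected).

```python
"""Parse a TDSSKiller 2.3.x log and summarise what the scan flagged.

Added example for the thread above; not TDSSKiller's code. Assumes the line
layout shown in the posted log: "<hh:mm:ss:ms> <pid> <name> (<md5>) <path>"
for each driver and "<ts> <pid> Suspicious file (<reason>): <path>. md5: <md5>"
for anything TDSSKiller could not read.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample log modelled on the posted output. The md5 values and the
# "example_driver" entry are placeholders, not real hashes or real drivers.
SAMPLE_LOG = r"""
21:53:11:173 3796 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:53:12:695 3796 Scanning Drivers ...
21:53:13:446 3796 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:53:19:024 3796 sptd (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\sptd.sys
21:53:19:024 3796 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 00000000000000000000000000000002
21:53:20:726 3796 example_driver (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\example_driver.sys
21:53:20:727 3796 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\example_driver.sys. md5: 00000000000000000000000000000003
21:53:20:907 3796 Completed
21:53:20:907 3796 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:53:20:907 3796 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

LINE_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) "
DRIVER_RE = re.compile(LINE_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    LINE_PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)
RESULTS_RE = re.compile(
    LINE_PREFIX + r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)
COMPLETED_RE = re.compile(LINE_PREFIX + r"Completed$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    reason: Optional[str] = None  # set when a "Suspicious file" line names this path


@dataclass
class ScanSummary:
    drivers: Dict[str, DriverEntry] = field(default_factory=dict)  # keyed by lower-cased path
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)  # kind -> (infected, cured, on reboot)
    completed: bool = False
    unmatched_suspicious: List[str] = field(default_factory=list)  # flagged paths never enumerated as drivers


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once; the suspicious line always follows its driver line."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            entry = summary.drivers.get(m["path"].lower())
            if entry is None:
                summary.unmatched_suspicious.append(m["path"])
            else:
                entry.reason = m["reason"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            summary.drivers[m["path"].lower()] = DriverEntry(m["name"], m["md5"], m["path"])
            continue
        m = RESULTS_RE.match(line)
        if m:
            summary.results[m["kind"]] = (int(m["inf"]), int(m["cured"]), int(m["reboot"]))
            continue
        if COMPLETED_RE.match(line):
            summary.completed = True
    return summary


def triage(summary: ScanSummary, expected_unreadable=frozenset()):
    """Split flagged drivers into (expected, review).

    expected_unreadable holds lower-cased file names the operator already knows
    block reads of their own image; everything else flagged goes to review.
    """
    expected, review = [], []
    for entry in summary.drivers.values():
        if entry.reason is None:
            continue
        filename = entry.path.rsplit("\\", 1)[-1].lower()
        (expected if filename in expected_unreadable else review).append(entry)
    return expected, review


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    ok, todo = triage(s, expected_unreadable=frozenset({"sptd.sys"}))
    print(f"{len(s.drivers)} drivers enumerated, scan completed: {s.completed}, counters: {s.results}")
    for e in ok:
        print(f"expected  {e.reason:<9} {e.path}")
    for e in todo:
        print(f"REVIEW    {e.reason:<9} {e.path}  md5={e.md5}")
```

The point of the triage split is the one a helper reading such a log makes by hand: a NoAccess tag means TDSSKiller could not read the file, not that the file is malicious, so the counters at the end and the flagged path's identity both matter. A path in `review` is a candidate to look up by md5 and check for a valid signature, not a verdict.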

#6
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0

#7
fullofsmerch

fullofsmerch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ComboFix 10-06-22.02 - Frances Huang 06/22/2010 18:20:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.734.340 [GMT -7:00]
Running from: c:\documents and settings\Frances Huang\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Frances Huang\jre-6u13-windows-i586-p.exe
c:\windows\system32\drivers\OCA_LOG.TXT
c:\windows\system32\ndisapi.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-22 00:27 . 2010-06-22 00:27 -------- d-----w- c:\program files\ERUNT
2010-06-21 18:03 . 2010-06-21 18:03 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Malwarebytes
2010-06-21 18:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 18:02 . 2010-06-21 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-21 18:02 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-21 18:02 . 2010-06-21 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 00:19 . 2010-06-19 00:19 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-06-19 00:19 . 2009-04-10 22:52 13195 ----a-w- c:\documents and settings\HelpAssistant\ZGUICFGW.DAT
2010-06-19 00:19 . 2010-06-19 00:19 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-06-19 00:05 . 2010-06-23 01:19 -------- d-----w- c:\documents and settings\HelpAssistant
2010-06-11 19:03 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\Frances Huang\Local Settings\Application Data\ESET
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\ESET
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-05-30 01:39 . 2010-05-30 01:39 -------- d-----w- c:\program files\ESET
2010-05-30 01:39 . 2010-05-30 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-05-27 07:20 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-05-27 07:20 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-05-27 07:19 . 2006-03-04 04:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-27 07:19 . 2006-03-04 04:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-27 07:19 . 2006-03-04 04:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-27 07:19 . 2006-03-04 04:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-27 07:19 . 2006-03-04 04:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-27 07:19 . 2006-03-04 04:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-27 07:18 . 2010-05-27 07:18 -------- d-----w- c:\program files\HP
2010-05-27 07:17 . 2010-05-27 07:18 110421 ----a-w- c:\windows\hpoins11.dat
2010-05-27 07:17 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-05-27 07:17 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2010-05-27 07:17 . 2005-07-19 01:39 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-27 07:17 . 2006-04-13 00:04 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2010-05-27 07:17 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-05-27 07:17 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2010-05-27 07:17 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2010-05-27 07:17 . 2006-05-06 02:52 6947 ----a-w- c:\windows\hpomdl11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 02:56 . 2007-11-16 05:55 -------- d-----w- c:\program files\Bonjour
2010-06-22 02:56 . 2008-08-25 17:14 -------- d-----w- c:\program files\Be Secure 2008
2010-06-19 08:08 . 2008-11-08 03:16 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\U3
2010-06-17 20:52 . 2009-10-18 22:23 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Fomyu
2010-06-17 02:02 . 2007-12-03 02:51 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Zyab
2010-06-12 08:15 . 2010-04-14 01:49 439816 ----a-w- c:\documents and settings\Frances Huang\Application Data\Real\Update\setup3.10\setup.exe
2010-06-05 00:43 . 2009-07-30 06:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 05:03 . 2009-07-02 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-05-30 00:50 . 2003-05-04 06:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-30 00:50 . 2008-08-25 17:16 -------- d-----w- c:\program files\Symantec Client Security
2010-05-30 00:50 . 2003-05-04 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-30 00:50 . 2008-08-25 17:18 40 ----a-w- c:\windows\system32\profile.dat
2010-05-30 00:28 . 2010-05-16 05:02 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\IObit
2010-05-30 00:28 . 2010-05-16 05:02 -------- d-----w- c:\program files\IObit
2010-05-27 07:18 . 2003-05-04 06:32 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-16 19:00 . 2006-04-21 07:31 96384 ----a-w- c:\windows\system32\drivers\sptd3613.sys
2010-05-16 18:17 . 2004-08-07 13:30 82763 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-16 18:10 . 2007-06-17 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 17:43 . 2005-08-14 04:12 -------- d-----w- c:\program files\LimeWire
2010-05-16 17:40 . 2010-05-16 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-16 05:16 . 2006-02-26 06:41 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Azureus
2010-05-16 05:16 . 2009-07-02 06:30 -------- d-----w- c:\program files\ATT
2010-05-16 05:16 . 2008-06-28 06:44 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\uTorrent
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 19:07 . 2010-05-05 04:30 52224 ----a-w- c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-04-21 19:07 . 2010-05-05 04:30 101376 ----a-w- c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-25 03:33 . 2010-03-25 03:33 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-03-25 03:33 . 2010-03-25 03:33 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-03-25 03:33 . 2010-03-25 03:33 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-03-25 03:31 . 2010-03-25 03:31 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-25 03:23 . 2010-03-25 03:23 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2006-05-06 16:42 . 2006-07-29 06:48 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-22 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-25 2145000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\foxy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 09:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-06-30 18:00 2836376 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-02-23 12:24 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-22 03:14 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Iometer.org\\Iometer 2006.07.27\\Iometer.exe"=
"c:\\Program Files\\Iometer.org\\Iometer 2006.07.27\\Dynamo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Frances Huang\\Desktop\\games\\[ PC Games ] - Age of Empires II(FULL)(3)\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"10383:TCP"= 10383:TCP:Foxy (169.254.174.206:10383) 10383 TCP
"10383:UDP"= 10383:UDP:Foxy (169.254.174.206:10383) 10383 UDP
"139:TCP"= 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
"137:TCP"= 137:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-137:TCP
"445:TCP"= 445:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22005
"23:TCP"= 23:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-23:TCP
"25:TCP"= 25:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-25:TCP
"20:TCP"= 20:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-20:TCP
"21:TCP"= 21:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-21:TCP
"113:TCP"= 113:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-113:TCP
"443:TCP"= 443:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-443:TCP
"1025:TCP"= 1025:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-1025:TCP
"135:UDP"= 135:UDP:128.32.30.64/255.255.255.224:Enabled:SNS-135:UDP
"137:UDP"= 137:UDP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22001
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8224:TCP"= 8224:TCP:Services
"8225:TCP"= 8225:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3612:TCP"= 3612:TCP:Services
"5724:TCP"= 5724:TCP:Services

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 8:31 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 8:31 PM 810120]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/16/2010 10:40 AM 311568]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/17/2009 3:17 PM 434864]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [6/23/2007 6:32 PM 61840]
S3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [4/4/2005 11:02 AM 360832]
S4 Moypl94cces;Moypl94cces; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/21/2006 12:31 AM 642560]
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-30 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/search.htm
Trusted Zone: motive.com\patttbc.att
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://berkeley.edu/
FF - component: c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Frances Huang\Application Data\Move Networks\plugins\npqmp071502000008.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-NavLogon - (no file)
AddRemove-Final Fantasy VII - c:\program files\Square Soft
AddRemove-Final Fantasy VII XP Patch - c:\program files\Square Soft
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?9?5?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8328478A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7bc7f28
\Driver\ACPI -> ACPI.sys @ 0xf7b3acb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c7abe
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> 0x832eab00
PacketIndicateHandler -> NDIS.sys @ 0xf79eda21
SendHandler -> NDIS.sys @ 0xf79e1d44
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1669914770-2036995825-895406279-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4C7EA454-73CE-95BD-B2D5-74AF5596AA2B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafkanneejlagjiboj"=hex:63,61,69,64,6f,6c,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C7EA454-73CE-95BD-B2D5-74AF5596AA2B}\InProcServer32*]
"mahiglckngfjfgpcfccpgffflg"=hex:6f,62,63,65,64,6d,6a,6f,62,6b,63,69,6b,70,66,
6b,66,6c,65,63,6e,62,62,62,65,70,6c,6b,6d,63,70,65,62,65,61,6d,6b,68,68,6f,\
"mahielhgihhphlifeogmefflaf"=hex:67,61,69,69,65,66,68,6b,6c,66,64,64,6a,6a,00,
6b
"mahielhgihhphlifeogmeffldf"=hex:67,61,65,65,70,67,62,61,6c,67,6b,67,6b,6b,00,
6b
"iahijlcjjoapoceocb"=hex:6b,63,67,69,6c,69,6d,65,6a,69,6c,6e,69,6b,65,64,67,6b,
69,62,6e,64,68,62,6d,66,6a,6b,6f,70,6a,67,64,68,6f,6d,70,69,61,61,68,6b,62,\
"mahiflagofbflmafpanjhpakhe"=hex:62,61,66,65,00,69
.
Completion time: 2010-06-22 18:49:06
ComboFix-quarantined-files.txt 2010-06-23 01:49

Pre-Run: 60,584,161,280 bytes free
Post-Run: 60,560,736,256 bytes free

- - End Of File - - 1F1564B942A19B41623403E716EEE8AC
  • 0

#8
mpascal
    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Close any open browsers, and close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

MBR::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
fullofsmerch
    Member

  • Topic Starter
  • Member
  • 16 posts
Hello, here's the log file as requested. Thanks again for all the help!

ComboFix 10-06-23.02 - Frances Huang 06/23/2010 20:15:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.734.452 [GMT -7:00]
Running from: c:\documents and settings\Frances Huang\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frances Huang\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-22 00:27 . 2010-06-22 00:27 -------- d-----w- c:\program files\ERUNT
2010-06-21 18:03 . 2010-06-21 18:03 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Malwarebytes
2010-06-21 18:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 18:02 . 2010-06-21 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-21 18:02 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-21 18:02 . 2010-06-21 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 00:19 . 2010-06-19 00:19 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-06-19 00:19 . 2009-04-10 22:52 13195 ----a-w- c:\documents and settings\HelpAssistant\ZGUICFGW.DAT
2010-06-19 00:19 . 2010-06-19 00:19 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-06-19 00:05 . 2010-06-23 01:19 -------- d-----w- c:\documents and settings\HelpAssistant
2010-06-11 19:03 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\Frances Huang\Local Settings\Application Data\ESET
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\ESET
2010-05-30 01:40 . 2010-05-30 01:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-05-30 01:39 . 2010-05-30 01:39 -------- d-----w- c:\program files\ESET
2010-05-30 01:39 . 2010-05-30 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-05-27 07:20 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-05-27 07:20 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-05-27 07:19 . 2006-03-04 04:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-27 07:19 . 2006-03-04 04:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-27 07:19 . 2006-03-04 04:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-27 07:19 . 2006-03-04 04:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-27 07:19 . 2006-03-04 04:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-27 07:19 . 2006-03-04 04:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-27 07:18 . 2010-05-27 07:18 -------- d-----w- c:\program files\HP
2010-05-27 07:17 . 2010-05-27 07:18 110421 ----a-w- c:\windows\hpoins11.dat
2010-05-27 07:17 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-05-27 07:17 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2010-05-27 07:17 . 2005-07-19 01:39 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-27 07:17 . 2006-04-13 00:04 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2010-05-27 07:17 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-05-27 07:17 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2010-05-27 07:17 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2010-05-27 07:17 . 2006-05-06 02:52 6947 ----a-w- c:\windows\hpomdl11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 08:06 . 2009-07-02 06:47 -------- d-----w- c:\program files\ATTToolbar
2010-06-22 02:56 . 2007-11-16 05:55 -------- d-----w- c:\program files\Bonjour
2010-06-22 02:56 . 2008-08-25 17:14 -------- d-----w- c:\program files\Be Secure 2008
2010-06-19 08:08 . 2008-11-08 03:16 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\U3
2010-06-17 20:52 . 2009-10-18 22:23 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Fomyu
2010-06-17 02:02 . 2007-12-03 02:51 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Zyab
2010-06-12 08:15 . 2010-04-14 01:49 439816 ----a-w- c:\documents and settings\Frances Huang\Application Data\Real\Update\setup3.10\setup.exe
2010-06-05 00:43 . 2009-07-30 06:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 00:50 . 2003-05-04 06:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-30 00:50 . 2008-08-25 17:16 -------- d-----w- c:\program files\Symantec Client Security
2010-05-30 00:50 . 2003-05-04 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-30 00:50 . 2008-08-25 17:18 40 ----a-w- c:\windows\system32\profile.dat
2010-05-30 00:28 . 2010-05-16 05:02 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\IObit
2010-05-30 00:28 . 2010-05-16 05:02 -------- d-----w- c:\program files\IObit
2010-05-27 07:18 . 2003-05-04 06:32 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-16 19:00 . 2006-04-21 07:31 96384 ----a-w- c:\windows\system32\drivers\sptd3613.sys
2010-05-16 18:17 . 2004-08-07 13:30 82763 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-16 18:10 . 2007-06-17 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 17:43 . 2005-08-14 04:12 -------- d-----w- c:\program files\LimeWire
2010-05-16 17:40 . 2010-05-16 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-16 05:16 . 2006-02-26 06:41 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\Azureus
2010-05-16 05:16 . 2009-07-02 06:30 -------- d-----w- c:\program files\ATT
2010-05-16 05:16 . 2008-06-28 06:44 -------- d-----w- c:\documents and settings\Frances Huang\Application Data\uTorrent
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 19:07 . 2010-05-05 04:30 52224 ----a-w- c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-04-21 19:07 . 2010-05-05 04:30 101376 ----a-w- c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-05-06 16:42 . 2006-07-29 06:48 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-22 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-25 2145000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 04:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 09:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-06-30 18:00 2836376 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-02-23 12:24 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-22 03:14 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Iometer.org\\Iometer 2006.07.27\\Iometer.exe"=
"c:\\Program Files\\Iometer.org\\Iometer 2006.07.27\\Dynamo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Frances Huang\\Desktop\\games\\[ PC Games ] - Age of Empires II(FULL)(3)\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"10383:TCP"= 10383:TCP:Foxy (169.254.174.206:10383) 10383 TCP
"10383:UDP"= 10383:UDP:Foxy (169.254.174.206:10383) 10383 UDP
"139:TCP"= 139:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22004
"137:TCP"= 137:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-137:TCP
"445:TCP"= 445:TCP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22005
"23:TCP"= 23:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-23:TCP
"25:TCP"= 25:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-25:TCP
"20:TCP"= 20:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-20:TCP
"21:TCP"= 21:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-21:TCP
"113:TCP"= 113:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-113:TCP
"443:TCP"= 443:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-443:TCP
"1025:TCP"= 1025:TCP:128.32.30.64/255.255.255.224:Enabled:SNS-1025:TCP
"135:UDP"= 135:UDP:128.32.30.64/255.255.255.224:Enabled:SNS-135:UDP
"137:UDP"= 137:UDP:128.32.30.64/255.255.255.224:Enabled:@xpsp2res.dll,-22001
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8224:TCP"= 8224:TCP:Services
"8225:TCP"= 8225:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3612:TCP"= 3612:TCP:Services
"5724:TCP"= 5724:TCP:Services
"4079:TCP"= 4079:TCP:Services
"6658:TCP"= 6658:TCP:Services

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 8:31 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 8:31 PM 810120]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/17/2009 3:17 PM 434864]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/16/2010 10:40 AM 311568]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [6/23/2007 6:32 PM 61840]
S3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [4/4/2005 11:02 AM 360832]
S4 Moypl94cces;Moypl94cces; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/21/2006 12:31 AM 642560]
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/search.htm
Trusted Zone: motive.com\patttbc.att
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://berkeley.edu/
FF - component: c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Frances Huang\Application Data\Move Networks\plugins\npqmp071502000008.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????:?F????P???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1669914770-2036995825-895406279-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4C7EA454-73CE-95BD-B2D5-74AF5596AA2B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafkanneejlagjiboj"=hex:63,61,69,64,6f,6c,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C7EA454-73CE-95BD-B2D5-74AF5596AA2B}\InProcServer32*]
"mahiglckngfjfgpcfccpgffflg"=hex:6f,62,63,65,64,6d,6a,6f,62,6b,63,69,6b,70,66,
6b,66,6c,65,63,6e,62,62,62,65,70,6c,6b,6d,63,70,65,62,65,61,6d,6b,68,68,6f,\
"mahielhgihhphlifeogmefflaf"=hex:67,61,69,69,65,66,68,6b,6c,66,64,64,6a,6a,00,
6b
"mahielhgihhphlifeogmeffldf"=hex:67,61,65,65,70,67,62,61,6c,67,6b,67,6b,6b,00,
6b
"iahijlcjjoapoceocb"=hex:6b,63,67,69,6c,69,6d,65,6a,69,6c,6e,69,6b,65,64,67,6b,
69,62,6e,64,68,62,6d,66,6a,6b,6f,70,6a,67,64,68,6f,6d,70,69,61,61,68,6b,62,\
"mahiflagofbflmafpanjhpakhe"=hex:62,61,66,65,00,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-23 20:32:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 03:32
ComboFix2.txt 2010-06-23 01:49

Pre-Run: 60,543,070,208 bytes free
Post-Run: 60,536,008,704 bytes free

- - End Of File - - 722CF735FED85E91C67819C0551E12E9
  • 0

#10
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Try searching and see if you get redirects now.

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop, so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

  • 0

#11
fullofsmerch

fullofsmerch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi mpascal,

I have been using Google for the past few days, and it hasn't been redirecting me. Below are the kasp and mbam logs. Thank you so much for all your help!! I will be very hesitant to download anything shady in the future.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, June 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 24, 2010 15:01:27
Records in database: 4308930
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 136179
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:07:34

No threats found. Scanned area is clean.

Selected area has been scanned.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4232

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/23/2010 10:52:56 PM
mbam-log-2010-06-23 (22-52-56).txt

Scan type: Quick scan
Objects scanned: 137289
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Open up OTL and push the Quickscan button. Post the resulting log here.
  • 0

#13
fullofsmerch

fullofsmerch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OTL logfile created on: 6/26/2010 12:52:14 AM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Frances Huang\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

734.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 56.25 Gb Free Space | 50.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCESHUANG
Current User Name: Frances Huang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
PRC - [2010/06/14 05:16:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/14 05:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/01/28 21:22:16 | 003,427,160 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/06/17 15:17:06 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/09/18 18:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 000,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2007/05/03 13:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/21 20:14:09 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/07/30 08:33:44 | 000,286,720 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/05/26 10:15:42 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/22 19:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/09/19 08:28:44 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/05/26 10:15:36 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Moypl94cces)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/06/17 15:17:06 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/11/15 22:36:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/17 15:02:04 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/07/28 15:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 15:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/06/11 18:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/04/21 00:36:10 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/21 00:31:15 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2004/08/04 01:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/06/28 10:06:26 | 000,061,840 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GTwinUSB.sys -- (GTwinUSB)
DRV - [2004/05/26 10:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/04/29 07:10:00 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 07:09:00 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/04/27 08:03:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/22 09:27:30 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/03/10 04:40:00 | 000,199,552 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 04:37:00 | 000,682,624 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 04:35:00 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/18 21:14:52 | 000,360,832 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TNET1130.sys -- (TNET1130)
DRV - [2003/11/07 03:45:52 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 00:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/01/22 15:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\zntport.sys -- (zntport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://berkeley.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.6.0.15


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:01:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 00:25:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/05/29 18:39:24 | 000,000,000 | ---D | M]

[2008/09/07 18:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Extensions
[2010/06/24 23:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions
[2010/05/04 21:30:26 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/11/15 21:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\extensions\[email protected]
[2010/04/21 12:07:48 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Application Data\Mozilla\Firefox\Profiles\46eexu6j.default\searchplugins\conduit.xml
[2010/06/24 23:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/06 09:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll

O1 HOSTS File: ([2010/06/23 20:25:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish....fishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Frances Huang\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frances Huang\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/23 22:42:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/22 17:25:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/22 17:20:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/22 17:20:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/22 17:20:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/22 17:20:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/22 17:14:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/21 21:51:26 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Frances Huang\Desktop\TDSSKiller.exe
[2010/06/21 17:41:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
[2010/06/21 17:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 17:24:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/21 16:58:17 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\TFC.exe
[2010/06/21 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\Malwarebytes
[2010/06/21 11:03:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 11:02:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 11:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 11:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/29 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\ESET
[2010/05/29 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\ESET
[2010/05/29 18:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/05/29 18:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/29 18:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/27 00:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/27 00:18:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/27 00:17:20 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/05/16 12:01:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/16 11:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/16 11:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/16 11:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/16 11:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/16 11:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/16 11:02:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/16 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/15 22:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/15 22:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Application Data\IObit
[2010/04/21 21:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\.CAS
[2010/04/11 14:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frances Huang\Desktop\tutor
[2010/04/09 23:04:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Frances Huang\My Documents\My Data Sources
[2010/04/04 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

========== Files - Modified Within 90 Days ==========

[2010/06/26 00:29:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/26 00:28:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/26 00:28:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/26 00:28:50 | 770,166,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/25 11:18:35 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Frances Huang\NTUSER.DAT
[2010/06/25 11:18:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Frances Huang\ntuser.ini
[2010/06/23 22:53:13 | 014,421,742 | -H-- | M] () -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\IconCache.db
[2010/06/23 22:40:42 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\STEP 1.doc
[2010/06/23 22:40:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2010/06/23 20:25:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/23 20:25:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/23 20:08:24 | 003,719,180 | R--- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\ComboFix.exe
[2010/06/23 00:25:50 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/23 00:25:50 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/22 17:25:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/21 21:51:37 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Frances Huang\Desktop\TDSSKiller.exe
[2010/06/21 18:14:00 | 000,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Frances Huang\Desktop\SysRestorePoint.exe
[2010/06/21 17:59:49 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\gmer.exe
[2010/06/21 17:41:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\OTL.exe
[2010/06/21 17:27:39 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\NTREGOPT.lnk
[2010/06/21 17:27:39 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\ERUNT.lnk
[2010/06/21 16:58:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frances Huang\Desktop\TFC.exe
[2010/06/21 11:03:04 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/17 15:47:46 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 22:50:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\partinggift.doc
[2010/06/12 10:25:10 | 001,673,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 03:19:58 | 000,000,765 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 03:18:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 22:24:46 | 366,767,106 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\glee1_22.avi
[2010/05/29 17:50:17 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2010/05/29 17:28:37 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/05/27 00:18:49 | 000,110,421 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/05/25 13:14:15 | 000,419,840 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Doc1.doc
[2010/05/21 11:30:00 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\ClerkIISupplementalQues.doc
[2010/05/16 12:04:02 | 000,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 12:04:02 | 000,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 12:04:02 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 11:11:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 11:08:38 | 000,044,055 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/16 10:40:43 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/15 22:02:45 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/10 22:16:04 | 000,263,680 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\CM2006 Carbonyl Lec8.doc
[2010/05/09 22:17:11 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Microsoft Word.lnk
[2010/05/02 00:45:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/01 17:47:14 | 000,181,510 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\volunteer-application-503HI08.pdf
[2010/05/01 17:47:05 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\hepbvolunteer.doc
[2010/05/01 17:20:53 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\Hep-TEV_Training_Application_2010.doc
[2010/05/01 16:19:05 | 002,646,235 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\lancet1965.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/06 01:28:49 | 000,395,855 | ---- | M] () -- C:\Documents and Settings\Frances Huang\Desktop\download.pdf

========== Files Created - No Company Name ==========

[2010/06/23 22:40:41 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\STEP 1.doc
[2010/06/22 17:25:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/22 17:25:53 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/22 17:20:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/22 17:20:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/22 17:20:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/22 17:20:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/22 17:20:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/22 16:57:32 | 003,719,180 | R--- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\ComboFix.exe
[2010/06/21 17:27:39 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\NTREGOPT.lnk
[2010/06/21 17:27:39 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\ERUNT.lnk
[2010/06/21 11:03:04 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/12 22:50:53 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\partinggift.doc
[2010/06/12 16:17:33 | 366,767,106 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\glee1_22.avi
[2010/05/29 17:28:37 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/05/27 00:17:41 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/27 00:17:34 | 000,110,421 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/27 00:17:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/05/27 00:17:09 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/05/25 13:14:15 | 000,419,840 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\Doc1.doc
[2010/05/21 11:26:27 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\ClerkIISupplementalQues.doc
[2010/05/16 11:09:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/16 11:06:12 | 000,044,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/16 10:40:43 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/15 22:02:45 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/10 22:16:03 | 000,263,680 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\CM2006 Carbonyl Lec8.doc
[2010/05/01 17:47:14 | 000,181,510 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\volunteer-application-503HI08.pdf
[2010/05/01 17:20:53 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\Hep-TEV_Training_Application_2010.doc
[2010/05/01 16:19:05 | 002,646,235 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\lancet1965.pdf
[2010/04/06 22:44:44 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\hepbvolunteer.doc
[2010/04/06 01:28:49 | 000,395,855 | ---- | C] () -- C:\Documents and Settings\Frances Huang\Desktop\download.pdf
[2009/03/29 04:17:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/01 18:00:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SM2570CI.dll
[2008/09/01 17:59:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ml2570ci.dll
[2007/03/09 19:16:18 | 000,333,824 | ---- | C] () -- C:\WINDOWS\System32\dcrawlib.dll
[2007/03/04 04:40:43 | 000,000,752 | ---- | C] () -- C:\WINDOWS\AnimatorDV.INI
[2007/01/06 00:10:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/07/29 14:40:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/29 14:40:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/29 14:40:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/29 14:40:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/29 14:40:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/29 14:40:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/05 15:29:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/22 15:28:34 | 000,000,129 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/03/17 17:21:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/09/09 17:30:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/09 17:26:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/09/04 22:53:06 | 000,002,686 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/03 22:09:02 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/04 11:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/08/07 06:39:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:30:20 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/09 04:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/03 23:28:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/03 23:21:40 | 000,000,894 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/03 23:09:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 23:00:00 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/12/20 19:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/07/01 23:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2008/04/23 21:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/05/24 21:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/11/18 23:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/05/29 18:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/16 10:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/06/16 17:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2010/05/16 11:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 20:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/07 21:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/20 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\acccore
[2005/06/16 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Aim
[2009/07/01 23:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\AT&T
[2007/06/23 18:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Audacity
[2010/05/15 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Azureus
[2009/05/24 21:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\blg
[2009/11/18 23:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\DC++
[2010/05/29 18:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\ESET
[2007/10/06 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\fltk.org
[2010/06/17 13:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Fomyu
[2007/08/15 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Gamelab
[2005/07/10 21:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\InterVideo
[2010/05/29 17:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\IObit
[2006/03/27 20:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Netscape
[2006/12/25 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\NJStar
[2006/01/10 04:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Snapfish
[2008/10/13 02:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Template
[2007/10/06 23:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Third Wish Software and Animation
[2010/05/15 22:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\uTorrent
[2010/06/16 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frances Huang\Application Data\Zyab

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5EADA0D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
  • 0

#14
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Everything looks good, are you having any other problems?
  • 0

#15
fullofsmerch

fullofsmerch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
No, everything seems good! Thanks again for all your help! :)

And just a final question, what is the typical memory usage of Firefox? Say I had a few tabs open, would 100,000 K be reasonable?
  • 0





