Google Redirect Virus



#1
0blivion

Hi, I've had this virus for around a month. Its symptoms include redirecting search results from Google to other pages, and redirecting the Google search results page itself to various pages (i.e. I would search for "asdf", the search results would come up, and a few seconds later, the page would automatically, with no input from me, go to a different page).

I've tried a range of fixes including:

Malwarebytes Anti-Malware
HitmanPro35 64-bit
SUPERAntiSpyware
Dr Web anti-virus scanner
IceSword (but this could not run for some reason)
TDSSKiller
Microsoft Essentials
AntiPuper
HiJackThis
KillBox

Note that I have *not* tried defaulting my router DNS settings, as I didn't want to mess with something that my whole household used, when only I was being affected by the virus.

The OTL Log is pasted below:

OTL logfile created on: 4/03/2011 11:39:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = Z:\000
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 41.25 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive Z: | 831.41 Gb Total Space | 527.85 Gb Free Space | 63.49% Space Free | Partition Type: NTFS

Computer Name: DYLANZHU-PC | User Name: Dylan Zhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 11:38:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- Z:\000\OTL.exe
PRC - [2010/10/09 01:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/09 01:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/22 01:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/22 01:16:17 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/06/04 20:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/04/22 16:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/11/20 22:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/09/30 23:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/06 16:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/08/04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 18:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 11:38:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- Z:\000\OTL.exe
MOD - [2011/01/15 08:09:25 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/28 21:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/30 04:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 15:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2010/10/09 01:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/09 01:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/22 01:16:17 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/07/22 17:45:00 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/04 20:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/09/30 23:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 23:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/06 16:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/08 20:28:11 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/09 01:15:06 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2010/08/25 04:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/25 04:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/25 04:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/09 14:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/06 20:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/18 05:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/18 05:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/22 02:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009/12/22 02:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2009/11/20 22:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 22:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 19:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/20 13:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 21:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/16 17:54:56 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/03 13:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2007/12/03 13:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2011/03/04 09:48:41 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/13 19:23:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/07/13 19:21:59 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/02/08 05:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 7D 70 7B BD BF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 68 DF 01 84 32 AB 4C A3 99 88 E1 FE 53 F2 F9 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/12 18:46:11 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14539 more lines...
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (8ab9bc50) - {366D3EC4-734A-CFBA-4289-C50CB5EF8FF7} - File not found
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (8ab9bc50) - {8A6DD9E4-7018-2350-C63C-A82CBB693C5C} - File not found
O2 - BHO: (8ab9bc50) - {9735A4A7-A520-122A-E208-3F51E7F2DAB5} - File not found
O2 - BHO: (8ab9bc50) - {9F418480-11F5-F016-D730-A8A7A14169C5} - File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (8ab9bc50) - {E615221D-4166-4A0B-A773-D125D6EB9E5C} - File not found
O2 - BHO: (8ab9bc50) - {E88E171D-B2CD-4DF4-16AF-B905138703F3} - File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [ares] File not found
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SmartRecovery2_x64\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 18:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/03/03 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/03/03 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2011/03/03 18:55:12 | 000,035,568 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011/03/03 18:54:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/03 18:53:35 | 000,142,328 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/03/03 18:53:35 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011/02/28 21:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/02/28 21:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/02/28 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011/02/28 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/02/28 21:21:01 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011/02/28 21:21:01 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011/02/28 21:20:59 | 000,318,264 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpbcoins64.dll
[2011/02/28 21:20:59 | 000,245,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpbcoins32.dll
[2011/02/28 21:20:55 | 000,000,000 | ---D | C] -- C:\CP1020_Series_Full_Solution
[2011/02/23 14:07:22 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 14:07:22 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 14:07:21 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 14:07:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Library
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Apple Computer
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\Apple Computer
[2011/02/19 04:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Documents\My Books
[2011/02/19 04:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011/02/19 04:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\Sony Corporation
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/02/19 04:23:56 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\kinoma
[2011/02/19 03:51:05 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/02/19 02:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2011/02/19 02:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Image to PDF
[2011/02/19 02:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A-PDF Image to PDF
[2011/02/17 18:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/02/15 13:57:58 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Leadertech
[2011/02/15 13:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011/02/15 13:57:25 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011/02/15 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011/02/15 13:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/02/15 13:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2011/02/15 13:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/02/15 13:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/02/15 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Logitech
[2011/02/15 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Logishrd
[2011/02/11 01:00:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/11 01:00:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/11 01:00:33 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/11 01:00:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/11 01:00:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/11 01:00:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/11 01:00:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/11 01:00:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/11 01:00:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/11 01:00:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/11 01:00:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/11 01:00:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/11 01:00:19 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/11 01:00:18 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/11 01:00:18 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/11 01:00:18 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/11 01:00:12 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/11 01:00:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/11 01:00:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/11 01:00:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/11 01:00:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/11 01:00:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/11 01:00:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/11 01:00:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/11 01:00:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/11 01:00:07 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/11 01:00:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/11 00:59:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/11 00:59:30 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/11 00:59:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/11 00:59:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/11 00:59:27 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/11 00:59:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/11 00:59:27 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/07 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Documents\StarCraft II Public Test
[2010/10/12 19:22:20 | 000,580,096 | ---- | C] (Indigo Rose Corporation) -- C:\Program Files (x86)\uninstall.exe
[2010/05/26 14:33:33 | 003,126,384 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files (x86)\registrybooster.exe

========== Files - Modified Within 30 Days ==========

[2011/03/04 11:20:40 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/04 11:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/04 11:20:35 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846594931-988123819-3990201064-1001UA.job
[2011/03/04 11:20:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/04 09:55:56 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/04 09:55:56 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/04 09:48:41 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011/03/04 09:48:22 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 19:54:35 | 000,002,420 | ---- | M] () -- C:\Users\Dylan Zhu\Desktop\Google Chrome.lnk
[2011/03/02 16:47:35 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/02 16:47:35 | 000,630,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/02 16:47:35 | 000,111,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/02 15:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846594931-988123819-3990201064-1001Core.job
[2011/02/28 21:23:53 | 000,000,193 | ---- | M] () -- C:\Windows\SysNative\AddPort.ini
[2011/02/20 00:49:05 | 000,417,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/19 04:45:07 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2011/02/19 04:43:38 | 032,226,156 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 11.pdf
[2011/02/19 04:42:11 | 030,164,153 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 14.pdf
[2011/02/19 04:39:17 | 031,295,993 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 15.pdf
[2011/02/19 04:37:15 | 028,141,070 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 16.pdf
[2011/02/19 04:34:36 | 037,107,506 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 18.pdf
[2011/02/19 04:30:59 | 033,085,485 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 17.pdf
[2011/02/19 04:29:08 | 022,910,677 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 19.pdf
[2011/02/19 04:26:54 | 054,221,673 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 13.pdf
[2011/02/19 04:26:46 | 030,310,186 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 12.pdf
[2011/02/19 04:26:34 | 036,310,094 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 10.pdf
[2011/02/19 04:26:27 | 031,267,543 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 09.pdf
[2011/02/19 04:26:19 | 032,431,456 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 08.pdf
[2011/02/19 04:26:10 | 034,855,199 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 07.pdf
[2011/02/19 04:26:00 | 031,447,708 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 06.pdf
[2011/02/19 04:25:50 | 031,788,488 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 05.pdf
[2011/02/19 04:25:39 | 037,747,261 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 04.pdf
[2011/02/19 04:25:01 | 091,465,369 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 03.pdf
[2011/02/19 04:24:51 | 090,928,304 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 02.pdf
[2011/02/19 04:24:36 | 048,558,316 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 01.pdf
[2011/02/19 02:43:06 | 048,403,604 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\X-1999 Volume 1 - CLAMP.pdf
[2011/02/15 13:57:25 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011/02/11 01:10:13 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/02/28 21:23:53 | 000,000,193 | ---- | C] () -- C:\Windows\SysNative\AddPort.ini
[2011/02/28 21:21:00 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\HPCP1020LM.dll
[2011/02/19 04:45:07 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2011/02/19 04:28:43 | 037,107,506 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 18.pdf
[2011/02/19 04:18:03 | 022,910,677 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 19.pdf
[2011/02/19 03:37:24 | 033,085,485 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 17.pdf
[2011/02/19 03:35:48 | 028,141,070 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 16.pdf
[2011/02/19 03:34:11 | 031,295,993 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 15.pdf
[2011/02/19 03:31:42 | 030,164,153 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 14.pdf
[2011/02/19 03:27:12 | 054,221,673 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 13.pdf
[2011/02/19 03:25:11 | 030,310,186 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 12.pdf
[2011/02/19 03:22:59 | 032,226,156 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 11.pdf
[2011/02/19 03:22:17 | 036,310,094 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 10.pdf
[2011/02/19 03:21:20 | 031,267,543 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 09.pdf
[2011/02/19 03:20:22 | 032,431,456 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 08.pdf
[2011/02/19 03:18:56 | 034,855,199 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 07.pdf
[2011/02/19 03:17:34 | 031,447,708 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 06.pdf
[2011/02/19 03:11:24 | 031,788,488 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 05.pdf
[2011/02/19 02:57:10 | 037,747,261 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 04.pdf
[2011/02/19 02:56:11 | 091,465,369 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 03.pdf
[2011/02/19 02:54:31 | 090,928,304 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 02.pdf
[2011/02/19 02:44:42 | 048,558,316 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 01.pdf
[2011/02/19 02:43:05 | 048,403,604 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\X-1999 Volume 1 - CLAMP.pdf
[2011/01/04 02:06:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/30 00:04:46 | 000,000,156 | -HS- | C] () -- C:\ProgramData\714783829
[2010/12/30 00:04:44 | 000,001,185 | ---- | C] () -- C:\ProgramData\179345273
[2010/12/30 00:04:10 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl1266364103
[2010/12/30 00:03:54 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/29 22:59:15 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/07/13 04:45:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/07/13 02:59:37 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll
[2010/07/13 02:54:06 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/07/13 02:20:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/07/13 02:12:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/27 18:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

The OTL Extra Logfile is as follows:

OTL Extras logfile created on: 4/03/2011 11:39:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = Z:\000
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 41.25 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive Z: | 831.41 Gb Total Space | 527.85 Gb Free Space | 63.49% Space Free | Partition Type: NTFS

Computer Name: DYLANZHU-PC | User Name: Dylan Zhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.STANDARD" = Microsoft Office Standard 2010
"sp6" = Logitech SetPoint 6.20
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{BC1FA5CF-A36F-4C61-9638-09D0B431B006}" = Smart Recovery 2 B10.0708.1 (x64)
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista
"{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.1119.01
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{F5F1B66A-F117-427C-98C7-D4732F49BEBF}" = NavDesk 2009
"{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"A-PDF Image to PDF_is1" = A-PDF Image Converter Pro
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Foxit PDF Editor" = Foxit PDF Editor
"Free Download Manager_is1" = Free Download Manager 3.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus! Live" = Messenger Plus! Live
"Nokia PC Suite" = Nokia PC Suite
"quicktime_lite_is1" = QT Lite 4.0.0
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2011 5:31:43 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/03/2011 11:48:55 PM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 2/03/2011 3:47:24 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/03/2011 3:48:00 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/03/2011 3:53:54 AM | Computer Name = DylanZhu-PC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 3/03/2011 3:53:54 AM | Computer Name = DylanZhu-PC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 3/03/2011 4:21:18 AM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 3/03/2011 7:18:44 PM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 3/03/2011 7:20:17 PM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/03/2011 7:20:55 PM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 2/03/2011 10:06:31 PM | Computer Name = DylanZhu-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2/03/2011 10:08:00 PM | Computer Name = DylanZhu-PC | Source = Service Control Manager | ID = 7030
Description = The Sophos AutoUpdate Service service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 2/03/2011 10:13:23 PM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 3/03/2011 3:51:34 AM | Computer Name = DylanZhu-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/03/2011 3:55:11 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 3/03/2011 4:23:20 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 3/03/2011 7:48:36 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 3/03/2011 6:48:54 PM | Computer Name = DylanZhu-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/03/2011 6:58:49 PM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 3/03/2011 8:22:59 PM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =


< End of report >

Any help would be greatly appreciated, thanks.
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 23,711 posts
  • MVP
You are running two anti-viruses, Sophos & MSSE. You need to remove one since they fight each other.

Copy the text in the code box by highlighting and Ctrl + c

:Services
BCUService

:OTL
SRV - [2009/08/04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 68 DF 01 84 32 AB 4C A3 99 88 E1 FE 53 F2 F9 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
O2 - BHO: (8ab9bc50) - {366D3EC4-734A-CFBA-4289-C50CB5EF8FF7} - File not found
O2 - BHO: (8ab9bc50) - {8A6DD9E4-7018-2350-C63C-A82CBB693C5C} - File not found
O2 - BHO: (8ab9bc50) - {9735A4A7-A520-122A-E208-3F51E7F2DAB5} - File not found
O2 - BHO: (8ab9bc50) - {9F418480-11F5-F016-D730-A8A7A14169C5} - File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (8ab9bc50) - {E615221D-4166-4A0B-A773-D125D6EB9E5C} - File not found
O2 - BHO: (8ab9bc50) - {E88E171D-B2CD-4DF4-16AF-B905138703F3} - File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKCU..\Run: [ares] File not found
[2010/12/30 00:04:46 | 000,000,156 | -HS- | C] () -- C:\ProgramData\714783829
[2010/12/30 00:04:44 | 000,001,185 | ---- | C] () -- C:\ProgramData\179345273
[2010/12/30 00:04:10 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl1266364103
[2010/12/30 00:03:54 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL (right click and Run as Administrator) and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again (Right click and Run as Administrator) and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Use IE or Firefox, but right click and Run As Administrator, then go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Also do the Bitdefender quickscan using the same browser. Please close all other programs.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator
sfc /scannow

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

sigverif

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

Any better?

Ron
  • 0
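An added example, not part of the original post and not OTL's own logic: a small Python triage over OTL-style lines of the kind quoted in the fix script above. The sample lines are copied from the logs on this page; the four heuristics (missing BHO file, one BHO name on several CLSIDs, hidden+system files with no vendor string, and bursts of vendor-less files created together) and all function names are assumptions chosen for illustration.

```python
"""Triage OTL-style log lines (added example; heuristics are assumptions)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import dirname

# Sample input: lines copied from the OTL logs quoted on this page.
SAMPLE = r"""
O2 - BHO: (8ab9bc50) - {366D3EC4-734A-CFBA-4289-C50CB5EF8FF7} - File not found
O2 - BHO: (8ab9bc50) - {8A6DD9E4-7018-2350-C63C-A82CBB693C5C} - File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
[2010/12/30 00:04:46 | 000,000,156 | -HS- | C] () -- C:\ProgramData\714783829
[2010/12/30 00:04:44 | 000,001,185 | ---- | C] () -- C:\ProgramData\179345273
[2010/12/30 00:04:10 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl1266364103
[2010/12/30 00:03:54 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/03/03 18:55:12 | 000,035,568 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\SophosBootTasks.exe
"""

# "O2 - BHO: (name) - {CLSID} - target", with an optional ":64bit:" marker.
BHO_RE = re.compile(
    r"^O2(?::64bit:)? - BHO: \((?P<name>.*?)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")

# "[timestamp | size | attrs | C or M] (vendor) -- path"; vendor may be absent.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [CM]\] (?:\((?P<vendor>[^()]*)\) )?-- (?P<path>.+)$")


def _bursts(items, window, minimum):
    """Yield runs of >= minimum files whose consecutive timestamps are <= window apart."""
    run = []
    for created, path in sorted(items):
        if run and created - run[-1][0] > window:
            if len(run) >= minimum:
                yield run
            run = []
        run.append((created, path))
    if len(run) >= minimum:
        yield run


def triage(text, window=timedelta(seconds=120), minimum=3):
    """Return (reason, detail) pairs worth a human look; nothing is deleted."""
    findings = []
    bho_names = defaultdict(set)    # BHO display name -> CLSIDs registered under it
    no_vendor = defaultdict(list)   # directory -> [(created, path)]

    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bho_names[m["name"]].add(m["clsid"])
            if m["target"] == "File not found":
                findings.append(("orphaned-bho", m["clsid"]))
        elif m := FILE_RE.match(line):
            # Skip directories and anything carrying a vendor string. An empty
            # vendor is a weak signal on its own: legitimate files lack one too.
            if "D" in m["attr"] or m["vendor"]:
                continue
            if "H" in m["attr"] and "S" in m["attr"]:
                findings.append(("hidden-system-no-vendor", m["path"]))
            created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            no_vendor[dirname(m["path"]).lower()].append((created, m["path"]))

    for name, clsids in bho_names.items():
        if len(clsids) > 1:
            findings.append(("bho-name-reused", f"{name} ({len(clsids)} CLSIDs)"))
    for directory, items in no_vendor.items():
        for run in _bursts(items, window, minimum):
            findings.append(("creation-burst", f"{directory}: {len(run)} files"))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:26} {detail}")
```

The output is a review list only; whether an entry belongs in a fix script still depends on checking each item against what is installed on the machine.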

#3
0blivion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi RKinner!

Thanks for replying. I've uninstalled MSE and am sticking to Sophos as my antivirus.

Also, very sorry for the late reply, I think I'm on the opposite side of the earth (Sydney, Australia actually), so got back at 7pm my time, and I've been running the scans till now. All done and I've included all the log files below.

Hopefully I haven't included too many log files and whatnot in the one reply; thought I'd keep them in one place. Again, thanks so much for helping; nothing else I've tried has had any effect.

[EDIT] I've been surfing for the past hour or so now, googling various terms, especially anti-virus related ones and so far, no redirects, no random url hopping, so it seems to be all good! =D Again, thank you so much for fixing this! =D

Anyways, onto the log files, in the order that you listed the scans:

Here's the log from OTL after running the Custom Fix:


All processes killed
========== SERVICES/DRIVERS ==========
Service BCUService stopped successfully!
Service BCUService deleted successfully!
========== OTL ==========
Error: No service named BCUService was found to stop!
Service\Driver key BCUService not found.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{366D3EC4-734A-CFBA-4289-C50CB5EF8FF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{366D3EC4-734A-CFBA-4289-C50CB5EF8FF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A6DD9E4-7018-2350-C63C-A82CBB693C5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A6DD9E4-7018-2350-C63C-A82CBB693C5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9735A4A7-A520-122A-E208-3F51E7F2DAB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9735A4A7-A520-122A-E208-3F51E7F2DAB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F418480-11F5-F016-D730-A8A7A14169C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F418480-11F5-F016-D730-A8A7A14169C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
C:\Program Files (x86)\Free Download Manager\iefdm2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E615221D-4166-4A0B-A773-D125D6EB9E5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E615221D-4166-4A0B-A773-D125D6EB9E5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E88E171D-B2CD-4DF4-16AF-B905138703F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E88E171D-B2CD-4DF4-16AF-B905138703F3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
C:\ProgramData\714783829 moved successfully.
C:\ProgramData\179345273 moved successfully.
C:\ProgramData\sl1266364103 moved successfully.
C:\ProgramData\unrar.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dylan Zhu
->Temp folder emptied: 115745867 bytes
->Temporary Internet Files folder emptied: 44859482 bytes
->Java cache emptied: 7218239 bytes
->Google Chrome cache emptied: 327638480 bytes
->Flash cache emptied: 51743 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5479907 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 8131589354 bytes

Total Files Cleaned = 8,233.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03052011_195111

Files\Folders moved on Reboot...
C:\Users\Dylan Zhu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Here are the log files after running the scan with "All" checked in the "Extra Registries" field:

Logfile



OTL logfile created on: 5/03/2011 8:00:39 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = Z:\000
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 42.79 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive Z: | 831.41 Gb Total Space | 535.42 Gb Free Space | 64.40% Space Free | Partition Type: NTFS

Computer Name: DYLANZHU-PC | User Name: Dylan Zhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 11:38:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- Z:\000\OTL.exe
PRC - [2010/10/09 01:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/09 01:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/22 01:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/22 01:16:17 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/06/04 20:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/04/22 16:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/11/20 22:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/09/30 23:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/06 16:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 11:38:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- Z:\000\OTL.exe
MOD - [2011/01/15 08:09:25 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/28 21:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/30 04:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 15:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2010/10/09 01:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/09 01:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/22 01:16:17 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/07/22 17:45:00 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/04 20:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/09/30 23:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 23:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/06 16:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/08 20:28:11 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/09 01:15:06 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2010/08/25 04:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/25 04:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/25 04:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/09 14:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/06 20:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/18 05:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/18 05:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/22 02:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009/12/22 02:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2009/11/20 22:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 22:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 19:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/20 13:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 21:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/16 17:54:56 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/03 13:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2007/12/03 13:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2011/03/05 19:55:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/13 19:23:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/07/13 19:21:59 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/02/08 05:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 8F 2C 7B 13 DB CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/05 19:51:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SmartRecovery2_x64\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 18:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/03/03 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/03/03 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2011/03/03 18:55:12 | 000,035,568 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011/03/03 18:53:35 | 000,142,328 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/03/03 18:53:35 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011/02/28 21:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/02/28 21:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/02/28 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011/02/28 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/02/28 21:21:01 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011/02/28 21:21:01 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011/02/28 21:20:59 | 000,318,264 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpbcoins64.dll
[2011/02/28 21:20:59 | 000,245,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpbcoins32.dll
[2011/02/28 21:20:55 | 000,000,000 | ---D | C] -- C:\CP1020_Series_Full_Solution
[2011/02/23 14:07:22 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 14:07:22 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 14:07:21 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 14:07:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Library
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Apple Computer
[2011/02/19 04:46:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\Apple Computer
[2011/02/19 04:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Documents\My Books
[2011/02/19 04:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011/02/19 04:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\Sony Corporation
[2011/02/19 04:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/02/19 04:23:56 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Local\kinoma
[2011/02/19 03:51:05 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/02/19 02:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2011/02/19 02:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Image to PDF
[2011/02/19 02:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A-PDF Image to PDF
[2011/02/17 18:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/02/15 13:57:58 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Leadertech
[2011/02/15 13:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011/02/15 13:57:25 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011/02/15 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011/02/15 13:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/02/15 13:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2011/02/15 13:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/02/15 13:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/02/15 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Logitech
[2011/02/15 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\AppData\Roaming\Logishrd
[2011/02/11 01:00:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/11 01:00:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/11 01:00:33 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/11 01:00:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/11 01:00:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/11 01:00:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/11 01:00:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/11 01:00:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/11 01:00:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/11 01:00:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/11 01:00:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/11 01:00:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/11 01:00:19 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/11 01:00:18 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/11 01:00:18 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/11 01:00:18 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/11 01:00:12 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/11 01:00:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/11 01:00:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/11 01:00:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/11 01:00:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/11 01:00:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/11 01:00:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/11 01:00:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/11 01:00:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/11 01:00:07 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/11 01:00:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/11 00:59:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/11 00:59:30 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/11 00:59:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/11 00:59:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/11 00:59:27 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/11 00:59:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/11 00:59:27 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/07 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Dylan Zhu\Documents\StarCraft II Public Test
[2010/10/12 19:22:20 | 000,580,096 | ---- | C] (Indigo Rose Corporation) -- C:\Program Files (x86)\uninstall.exe
[2010/05/26 14:33:33 | 003,126,384 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files (x86)\registrybooster.exe

========== Files - Modified Within 30 Days ==========

[2011/03/05 20:03:04 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 20:03:04 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 19:56:18 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 19:55:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011/03/05 19:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 19:55:38 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 19:54:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846594931-988123819-3990201064-1001UA.job
[2011/03/05 19:51:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/03/05 19:50:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/03/05 19:49:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/05 19:49:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/05 01:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/04 15:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846594931-988123819-3990201064-1001Core.job
[2011/03/02 19:54:35 | 000,002,420 | ---- | M] () -- C:\Users\Dylan Zhu\Desktop\Google Chrome.lnk
[2011/03/02 16:47:35 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/28 21:23:53 | 000,000,193 | ---- | M] () -- C:\Windows\SysNative\AddPort.ini
[2011/02/20 00:49:05 | 000,417,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/19 04:45:07 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2011/02/19 04:43:38 | 032,226,156 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 11.pdf
[2011/02/19 04:42:11 | 030,164,153 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 14.pdf
[2011/02/19 04:39:17 | 031,295,993 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 15.pdf
[2011/02/19 04:37:15 | 028,141,070 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 16.pdf
[2011/02/19 04:34:36 | 037,107,506 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 18.pdf
[2011/02/19 04:30:59 | 033,085,485 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 17.pdf
[2011/02/19 04:29:08 | 022,910,677 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 19.pdf
[2011/02/19 04:26:54 | 054,221,673 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 13.pdf
[2011/02/19 04:26:46 | 030,310,186 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 12.pdf
[2011/02/19 04:26:34 | 036,310,094 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 10.pdf
[2011/02/19 04:26:27 | 031,267,543 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 09.pdf
[2011/02/19 04:26:19 | 032,431,456 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 08.pdf
[2011/02/19 04:26:10 | 034,855,199 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 07.pdf
[2011/02/19 04:26:00 | 031,447,708 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 06.pdf
[2011/02/19 04:25:50 | 031,788,488 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 05.pdf
[2011/02/19 04:25:39 | 037,747,261 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 04.pdf
[2011/02/19 04:25:01 | 091,465,369 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 03.pdf
[2011/02/19 04:24:51 | 090,928,304 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 02.pdf
[2011/02/19 04:24:36 | 048,558,316 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 01.pdf
[2011/02/19 02:43:06 | 048,403,604 | ---- | M] () -- C:\Users\Dylan Zhu\Documents\X-1999 Volume 1 - CLAMP.pdf
[2011/02/15 13:57:25 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011/02/11 01:10:13 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/02/28 21:23:53 | 000,000,193 | ---- | C] () -- C:\Windows\SysNative\AddPort.ini
[2011/02/28 21:21:00 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\HPCP1020LM.dll
[2011/02/19 04:45:07 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2011/02/19 04:28:43 | 037,107,506 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 18.pdf
[2011/02/19 04:18:03 | 022,910,677 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 19.pdf
[2011/02/19 03:37:24 | 033,085,485 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 17.pdf
[2011/02/19 03:35:48 | 028,141,070 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 16.pdf
[2011/02/19 03:34:11 | 031,295,993 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 15.pdf
[2011/02/19 03:31:42 | 030,164,153 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 14.pdf
[2011/02/19 03:27:12 | 054,221,673 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 13.pdf
[2011/02/19 03:25:11 | 030,310,186 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 12.pdf
[2011/02/19 03:22:59 | 032,226,156 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 11.pdf
[2011/02/19 03:22:17 | 036,310,094 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 10.pdf
[2011/02/19 03:21:20 | 031,267,543 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 09.pdf
[2011/02/19 03:20:22 | 032,431,456 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 08.pdf
[2011/02/19 03:18:56 | 034,855,199 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 07.pdf
[2011/02/19 03:17:34 | 031,447,708 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 06.pdf
[2011/02/19 03:11:24 | 031,788,488 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 05.pdf
[2011/02/19 02:57:10 | 037,747,261 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 04.pdf
[2011/02/19 02:56:11 | 091,465,369 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 03.pdf
[2011/02/19 02:54:31 | 090,928,304 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 02.pdf
[2011/02/19 02:44:42 | 048,558,316 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\CLAMP - X1999 Volume 01.pdf
[2011/02/19 02:43:05 | 048,403,604 | ---- | C] () -- C:\Users\Dylan Zhu\Documents\X-1999 Volume 1 - CLAMP.pdf
[2011/01/04 02:06:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/29 22:59:15 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/07/13 04:45:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/07/13 02:59:37 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll
[2010/07/13 02:54:06 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/07/13 02:20:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/07/13 02:12:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/27 18:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Extras Logfile


OTL Extras logfile created on: 5/03/2011 8:00:39 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = Z:\000
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 42.79 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive Z: | 831.41 Gb Total Space | 535.42 Gb Free Space | 64.40% Space Free | Partition Type: NTFS

Computer Name: DYLANZHU-PC | User Name: Dylan Zhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Dylan Zhu\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.STANDARD" = Microsoft Office Standard 2010
"sp6" = Logitech SetPoint 6.20
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{BC1FA5CF-A36F-4C61-9638-09D0B431B006}" = Smart Recovery 2 B10.0708.1 (x64)
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista
"{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.1119.01
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{F5F1B66A-F117-427C-98C7-D4732F49BEBF}" = NavDesk 2009
"{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"A-PDF Image to PDF_is1" = A-PDF Image Converter Pro
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Foxit PDF Editor" = Foxit PDF Editor
"Free Download Manager_is1" = Free Download Manager 3.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus! Live" = Messenger Plus! Live
"Nokia PC Suite" = Nokia PC Suite
"quicktime_lite_is1" = QT Lite 4.0.0
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2011 5:31:43 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/03/2011 11:48:55 PM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 2/03/2011 3:47:24 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/03/2011 3:48:00 AM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/03/2011 3:53:54 AM | Computer Name = DylanZhu-PC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 3/03/2011 3:53:54 AM | Computer Name = DylanZhu-PC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 3/03/2011 4:21:18 AM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 3/03/2011 7:18:44 PM | Computer Name = DylanZhu-PC | Source = VSS | ID = 8194
Description =

Error - 3/03/2011 7:20:17 PM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/03/2011 7:20:55 PM | Computer Name = DylanZhu-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 3/03/2011 8:22:59 PM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 4/03/2011 12:01:39 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 4/03/2011 2:38:47 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 4/03/2011 8:34:53 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 5/03/2011 4:39:08 AM | Computer Name = DylanZhu-PC | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 5/03/2011 4:40:32 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =

Error - 5/03/2011 4:49:54 AM | Computer Name = DylanZhu-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.99.652.0).

Error - 5/03/2011 4:51:11 AM | Computer Name = DylanZhu-PC | Source = SAVOnAccess | ID = 3997733
Description = Driver threads still active when driver is being shutdown.

Error - 5/03/2011 4:51:11 AM | Computer Name = DylanZhu-PC | Source = Service Control Manager | ID = 7034
Description = The Sophos Anti-Virus service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/03/2011 5:04:31 AM | Computer Name = DylanZhu-PC | Source = bowser | ID = 8003
Description =


< End of report >

This is the report from ESET Online Scanner (Edit while the scan is happening - it's currently at a total scan time of 1hr 50mins, sorry for the late reply):

List of Threats Found:


C:\Program Files (x86)\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined
C:\Users\Dylan Zhu\AppData\Local\Google\Chrome\User Data\Default\Default\ikaonocdmddcmblbpiofolfjhnijafap\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\182a03d0-42832a40 multiple threats deleted - quarantined
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\2c9ba28b-11506640 multiple threats deleted - quarantined
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\577b1c34-658a31a0 multiple threats deleted - quarantined
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\63dff933-583a7b70 probably a variant of Win32/Agent.CDGQEWH trojan cleaned by deleting - quarantined
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\ca82234-7ea74d50 probably a variant of Win32/Agent.ZVRMM trojan cleaned by deleting - quarantined
Z:\000\Games\PC\Supreme Commander 2 v1.13 (Update 9)\Supreme Commander 2.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
Z:\000\Games\PC\Warhammer_40000_Dawn_of_War_2-rFORCE\rforce-warhammer-dow2.rar probably a variant of Win32/Spy.Agent.FNZKMBC trojan deleted - quarantined
Z:\000\Mass Effect 2 No-CD patch\Mass Effect 2 No-CD Patch.rar probably a variant of Win32/Injector.BHN trojan deleted - quarantined
Z:\001\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
Z:\001\Other\Utilities\Installers\MsgPlusLive-460.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
Z:\001\Other\Utilities\Installers\MsgPlusLive-479b.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined

ESETS Online Scanner Log File:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-05 11:56:06
# local_time=2011-03-05 10:56:06 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 5405431 50951797 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775165 50 96 0 111752981 0 0
# scanned=188924
# found=13
# cleaned=13
# scan_time=7818
C:\Program Files (x86)\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\AppData\Local\Google\Chrome\User Data\Default\Default\ikaonocdmddcmblbpiofolfjhnijafap\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\182a03d0-42832a40 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\2c9ba28b-11506640 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\577b1c34-658a31a0 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\63dff933-583a7b70 probably a variant of Win32/Agent.CDGQEWH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dylan Zhu\DoctorWeb\Quarantine\ca82234-7ea74d50 probably a variant of Win32/Agent.ZVRMM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Z:\000\Games\PC\Supreme Commander 2 v1.13 (Update 9)\Supreme Commander 2.rar a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
Z:\000\Games\PC\Warhammer_40000_Dawn_of_War_2-rFORCE\rforce-warhammer-dow2.rar probably a variant of Win32/Spy.Agent.FNZKMBC trojan (deleted - quarantined) 00000000000000000000000000000000 C
Z:\000\Mass Effect 2 No-CD patch\Mass Effect 2 No-CD Patch.rar probably a variant of Win32/Injector.BHN trojan (deleted - quarantined) 00000000000000000000000000000000 C
Z:\001\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Z:\001\Other\Utilities\Installers\MsgPlusLive-460.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Z:\001\Other\Utilities\Installers\MsgPlusLive-479b.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Log from quickscan.bitdefender:

QuickScan Beta 64-bit v0.9.9.77
-------------------------------
Scan date: Sat Mar 05 23:04:16 2011
Machine ID: FACAEC05



No infection found.
-------------------



Processes
---------
(unsigned) Catalyst Control Centre 2600 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(unsigned) Catalyst Control Centre 3704 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(unsigned) Smart Recovery 2 2396 C:\Program Files\GIGABYTE\SmartRecovery2_x64\RPMDaemon.exe
(unsigned) Smart TimeLock 1308 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(unsigned) Smart TimeLock 1772 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(unsigned) USB 3.0 Monitor 3672 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(unsigned) WD Drive Manager 2068 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(unsigned) WD Drive Manager 3800 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(unsigned) XSrvSetup.exe 1924 C:\Windows\SysWOW64\XSrvSetup.exe

(verified) AMD External Events 1184 C:\Windows\System32\atieclxx.exe
(verified) AMD External Events 900 C:\Windows\System32\atiesrxx.exe
(verified) Core Service 1796 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(verified) des2svr.exe 1828 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(verified) Intel® Active Management Technology L 2044 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified) Intel® Management & Security Applicat 5232 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(verified) Java™ Platform SE Auto Updater 2 0 3712 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Logitech SetPoint 3760 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(verified) Logitech SetPoint 3404 C:\Program Files\Logitech\SetPointP\SetPoint.exe
(verified) Microsoft® CoReXT 2104 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(verified) Microsoft® CoReXT 2156 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(verified) Microsoft® Windows® Operating System 3140 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 3004 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 444 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 532 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 4732 C:\Windows\System32\dllhost.exe
(verified) Microsoft® Windows® Operating System 2928 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 592 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 600 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 568 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 300 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1652 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1688 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2548 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 320 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 756 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 840 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 960 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3684 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1000 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1036 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1536 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 5740 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 4552 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1888 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1984 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2640 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 1672 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 2764 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 2124 C:\Windows\System32\VSSVC.exe
(verified) Microsoft® Windows® Operating System 512 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 688 C:\Windows\System32\winlogon.exe
(verified) NeroUpdate 2700 C:\Program Files (x86)\Nero\Update\NASvc.exe
(verified) Reader Library Launcher 3820 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(verified) Realtek HD Audio Manager 3396 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Sophos Anti-Virus 1484 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(verified) Sophos Anti-Virus 1152 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(verified) Sophos Anti-Virus 1292 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(verified) Sophos AutoUpdate 3828 C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(verified) Sophos AutoUpdate 1020 C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(verified) Windows® Internet Explorer 2540 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4716 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Search 3176 C:\Windows\System32\SearchIndexer.exe


Network activity
----------------
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 66.102.11.100
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 202.7.177.16
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 202.7.177.11
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 66.220.149.25
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 202.7.177.35
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 202.7.177.35
Process iexplore.exe (2540) connected on port 80 (HTTP) --> 202.7.177.24

Process svchost.exe (320) listens on ports: 49154 (RPC)
Process wininit.exe (512) listens on ports: 49152 (RPC)
Process services.exe (568) listens on ports: 49158 (RPC)
Process lsass.exe (592) listens on ports: 49159 (RPC)
Process svchost.exe (840) listens on ports: 135 (RPC)
Process svchost.exe (960) listens on ports: 49153 (RPC)
Process LMS.exe (2044) listens on ports: 623, 16992
Process wmpnetwk.exe (3140) listens on ports: 554 (RTSP)


Autoruns and critical files
---------------------------
(unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) InstallShield Update Service C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(unsigned) InstallShield Update Service C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
(unsigned) Smart Recovery 2 C:\Program Files\GIGABYTE\SmartRecovery2_x64\RPMKickstart.exe
(unsigned) USB 3.0 Monitor C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(unsigned) WD Drive Manager C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(unsigned) xInsIDE.exe C:\Windows\RaidTool\xInsIDE.exe

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\Dylan Zhu\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
(verified) Logitech SetPoint C:\Program Files\Logitech\SetPointP\SetPoint.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\Bubbles.scr
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Reader Library Launcher C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Sophos Anti-Virus c:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll
(verified) Sophos AutoUpdate C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(verified) Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Browser plugins
---------------
(unsigned) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll

(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Google Update C:\Users\Dylan Zhu\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Sophos Anti-Virus C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: mscoree.dll
--> HKCR\CLSID\{45d30484-7ded-43d9-957a-d2fd1f046511}\InprocServer32\"(default)"
--> HKCR\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}\InprocServer32\"(default)"


Scan
----


No file uploaded.

Scan finished - communication took 11 sec
Total traffic - 0.13 MB sent, 4.03 KB recvd
Scanned 2242 files and modules - 78 seconds

==============================================================================

Running the command prompt gives me:

sfc /scannow: "Windows Resource Protection did not find any integrity violations."

sigverif, after pressing Start: "Your files have been scanned and verified as digitally signed."

Edited by 0blivion, 05 March 2011 - 07:39 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,711 posts
  • MVP
Don't worry about delays. They are expected plus I have so many threads open that I couldn't keep track if I wanted to.

Logs look pretty good. If you are not getting redirected then I guess we got it.

We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...&st=0&sk=t&sd=a
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab you can use if you like.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.



You do not have the latest Java (Java™ 6 Update 24). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foist ware.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.
If Firefox is slow loading make sure it only has the current Java add-on. Java seems to have a problem removing the old consoles from Firefox and multiple Java consoles will slow down the start of Firefox considerably. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox


If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0
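A scripted version of the restore-point and hidden-files steps in the post above, as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell prompt and uses the restore point name "Clean" from the post; Disk Cleanup's System Restore clean-up keeps only the most recent restore point, so the script checks that "Clean" is the newest one before you run that step.

```powershell
# Added example (not from the thread): create and verify the "Clean" restore
# point, then put Explorer's hidden-file settings back to their defaults.
$ErrorActionPreference = 'Stop'

# The restore-point cmdlets need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# System Restore must be on for the system drive or no point can be created.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# Equivalent of System Protection > Create, with the name used in the post.
# On Windows 8 and later this call is skipped (with a warning) if another
# restore point was created in the last 24 hours, so the result is checked below.
Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'

# List the restore points, oldest first, with a readable creation time.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$points | Format-Table SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# Disk Cleanup (More Options > System Restore and Shadow Copies) removes all
# but the most recent restore point, so "Clean" has to be the newest entry.
$newest = $points | Select-Object -Last 1
if (-not $newest -or $newest.Description -ne 'Clean') {
    throw 'The newest restore point is not "Clean"; do not run the clean-up yet.'
}
Write-Output "Restore point $($newest.SequenceNumber) ('Clean') is the newest; safe to run cleanmgr."

# Hide hidden files and protected operating system files again (current user).
# Hidden: 1 = show, 2 = do not show. ShowSuperHidden: 1 = show, 0 = hide.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'Hidden' -Value 2
Set-ItemProperty -Path $advanced -Name 'ShowSuperHidden' -Value 0
Write-Output 'Explorer settings updated; reopen any Explorer windows to see the change.'
```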

#5
0blivion

0blivion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Ron!

Thanks for all the help. Seems to be completely gone, and I've installed WinPatrol and Autorun Eater; both seem very useful, especially given their size. I also updated the Java runtime, and made sure my Flash was up to date.

Regarding the Restore Point (I still went through all the steps, because they couldn't hurt), but I actually didn't have System Restore enabled prior to this, is that advisable? (But now I'm happy to have a definitely clean Restore point)

My Sophos Endpoint Security is a current subscription, so I'll stick with that. Thanks for the suggestion of Avast though.

Anyways, thanks again for all the help! From me and my comp both.

Cheers,
Dylan.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,711 posts
  • MVP
You should always have System Restore running. This is your safety net. If something goes wrong and it is not running you may have to reload Windows. The idiot a-v companies who start off their cleaning routine with "turn off system restore" are really asking you to live dangerously. Any virus which is stored in system restore is dormant and can't come back to life unless you tell it to restore to an earlier time. It's not difficult to purge the older system restore records as you have just seen. An even simpler way is to just turn it off then back on but that leaves you vulnerable to a power hit or unexpected crash for a few moments so I prefer the longer way.

Ron
  • 0

#7
0blivion

0blivion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ah, ok, that makes a lot of sense. I'll keep it on from now on then. Cheers =D
  • 0
