Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot update microsoft security essentials or any windows updates [Cl

Started by darkwing7 , Dec 17 2011 08:26 PM

  • This topic is locked This topic is locked

#1
darkwing7
Posted 17 December 2011 - 08:26 PM

darkwing7

    New Member

  • Member
  • Pip
  • 1 posts
Hello!

I am new here, I recently started getting the following symptoms:

1)Sometimes internet explorer will shut down by itself claiming it is protecting me from malicious code execution.

2) My Zone Alarm used to block quite a few illegitimate programs from accessing the internet when 1) first started to occur, but has since stopped.

3) I downloaded Microsoft security Essentials in the hopes that it would find whatever it was causing problems on IE8 but realized after I downloaded it that it was mysteriously unable to access the internet to update itself. Same happens when I go to microsoft updates website to check for updates. I can access the internet under all other circumstances. I can run all anti malware and anti virus scans just fine, and malwarebytes caught 3-4 trojans and I deleted them (They might be reinstalling themselves under different names as I found more after a reboot).

4) Now malwarebytes and Symantec Endpoint security both find nothing. But the problems above all persist regarding unable to update various windows software and IE8 shutting itself off time and again. Your expertise and time is greatly appreciated!

The OTL log is as below:

OTL logfile created on: 12/17/2011 9:05:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ychou\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 55.71% Memory free
5.33 Gb Paging File | 3.85 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 120.85 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
Drive D: | 117.38 Mb Total Space | 113.35 Mb Free Space | 96.56% Space Free | Partition Type: FAT

Computer Name: MNYCHOU1 | User Name: ychou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 21:02:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ychou\My Documents\Downloads\OTL.exe
PRC - [2011/12/07 09:34:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\ychou\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 09:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/05/14 13:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/28 11:18:36 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe
PRC - [2010/01/20 19:01:35 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/01/20 19:01:35 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2010/01/20 19:01:35 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/20 19:01:35 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/01/20 19:01:34 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/09/09 17:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/09/09 17:18:54 | 001,486,848 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2008/08/18 13:42:30 | 001,205,528 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2008/08/18 13:39:28 | 000,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/08/01 00:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/08/01 00:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/06/24 10:16:50 | 000,243,000 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2008/06/12 11:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/03 18:28:50 | 000,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/05/30 06:29:28 | 000,593,920 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/05/22 20:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe
PRC - [2008/05/22 20:31:16 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/05/20 19:21:30 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/05/14 20:42:16 | 000,105,472 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/05/08 21:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect iRoam\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 21:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect iRoam\iPassPeriodicUpdateApp.exe
PRC - [2008/04/30 19:26:22 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/21 23:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/02/26 13:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/25 20:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/09/13 11:39:02 | 000,053,288 | ---- | M] (ShoreTel, Inc.) -- C:\Program Files\Shoreline Communications\ShoreWare Client\STCLogin.exe
PRC - [2006/09/08 18:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/09 20:39:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/07 09:34:39 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 09:20:41 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/11/07 09:19:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/11/07 09:06:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/11/07 09:06:05 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/07 09:05:53 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/07 09:04:52 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/07 09:04:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
MOD - [2011/03/02 10:17:18 | 000,603,136 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
MOD - [2011/03/02 10:16:20 | 000,208,384 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libksba-8.dll
MOD - [2011/03/02 10:16:08 | 000,073,216 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libassuan-0.dll
MOD - [2011/03/02 10:13:52 | 000,048,640 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
MOD - [2011/03/02 10:11:52 | 000,038,400 | ---- | M] () -- C:\Program Files\GNU\GnuPG\libw32pth-0.dll
MOD - [2010/06/13 16:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/04/30 16:51:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2009/04/30 16:50:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/09/09 17:21:40 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\SmithMicro.Common.dll
MOD - [2008/09/09 17:20:40 | 000,393,216 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMProfileManager.dll
MOD - [2008/09/09 17:18:24 | 003,588,096 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.SharedUI.dll
MOD - [2008/09/09 17:17:44 | 000,483,328 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMMessages.dll
MOD - [2008/09/09 17:17:28 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.AsyncOperations.dll
MOD - [2008/09/09 17:16:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.VpnController.dll
MOD - [2008/09/09 17:16:52 | 000,192,512 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Application.dll
MOD - [2008/09/09 17:16:48 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\VpnWrapper.dll
MOD - [2008/09/09 17:16:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.dll
MOD - [2008/09/09 17:16:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Common.dll
MOD - [2008/07/28 21:03:06 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2008/05/30 06:29:22 | 000,016,384 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Dell.DcpPlugin.dll
MOD - [2008/05/30 06:29:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Common.dll
MOD - [2008/05/14 20:40:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/04/14 06:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 06:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 06:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/10 18:47:48 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2007/07/23 18:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2004/10/27 08:02:36 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect iRoam\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010/01/20 19:01:35 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/01/20 19:01:35 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/01/20 19:01:35 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/20 19:01:35 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/01/20 19:01:34 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/07/13 14:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/09/09 17:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/08/18 13:39:28 | 000,455,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/08/01 00:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/08/01 00:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/06/13 01:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect iRoam\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/06/12 11:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/06/03 18:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/05/22 20:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe -- (STacSV)
SRV - [2008/05/08 21:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect iRoam\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 21:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect iRoam\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/04/25 18:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/03/10 18:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 10:24:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54A4BC2B-DC47-499B-8822-5E832071D54A}\MpKsl285c3129.sys -- (MpKsl285c3129)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/03 09:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 13:31:31 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111216.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 13:31:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111216.034\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/28 14:50:35 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/14 11:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/11 16:02:32 | 000,035,448 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2010/06/11 16:02:22 | 000,010,744 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2010/01/28 11:20:32 | 000,281,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2010/01/20 19:01:35 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/01/20 19:01:35 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/01/20 19:01:35 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/01/20 19:01:33 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/01/20 19:01:33 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/20 19:01:33 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/05/28 04:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2009/05/25 14:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/04/30 16:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/03/06 09:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/19 17:30:40 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2008/08/01 00:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/06/24 10:16:52 | 000,172,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/04 17:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/22 20:32:50 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/20 19:21:26 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/04/19 01:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/04/04 16:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2007/07/23 18:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 18:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 18:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 18:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 18:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 18:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 18:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 18:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 17:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 17:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/06/14 13:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/finance
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC B8 AF 69 5C C5 08 49 8B AA 39 E6 56 D2 18 5C [binary data]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55273
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ychou\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ychou\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ychou\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ychou\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/14 13:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/07 09:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/11 12:17:56 | 000,000,000 | ---D | M]

[2011/07/02 17:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ychou\Application Data\Mozilla\Extensions
[2011/12/16 10:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ychou\Application Data\Mozilla\Firefox\Profiles\e1jxou2c.default\extensions
[2011/07/27 09:04:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\ychou\Application Data\Mozilla\Firefox\Profiles\e1jxou2c.default\extensions\{05ae437f-496c-49dd-984e-d7f5ea3b5dc1}
[2011/08/04 13:25:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\ychou\Application Data\Mozilla\Firefox\Profiles\e1jxou2c.default\extensions\{35121a5e-60b1-46f2-89be-c72ec1d7d203}
[2011/12/07 09:34:53 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\ychou\Application Data\Mozilla\Firefox\Profiles\e1jxou2c.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/07/17 14:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\YCHOU\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\E1JXOU2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/14 13:28:22 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011/12/07 09:34:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/12/07 09:34:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/07 09:34:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/13 21:03:36 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Spark] C:\Program Files\Spark\Spark.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://redwood.mode...,2010,0611,2020 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://redwood.mode...0,2010,611,2100 (F5 Networks VPN Manager)
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} http://hdqvoice1/Sho...ientInstall.ocx (Shoretel SClientInstall)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://redwood.mode...0,2010,611,2051 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\ychou\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229721390463 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://redwood.mode...0,2010,611,2044 (F5 Networks SuperHost Class)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://hdqdellmon/we...all/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://redwood.mode...0,2010,611,2119 (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = modeln.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C76C86C5-6093-449C-A994-9941B38591BD}: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/19 13:52:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/29 17:59:00 | 000,001,050 | ---- | M] () - D:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2008/12/19 10:32:22 | 000,001,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 11:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ychou\Local Settings\Application Data\Google
[2011/12/05 09:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/04 13:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ychou\My Documents\utilities
[2011/12/03 21:13:48 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/03 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/03 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\85C18
[2011/12/03 19:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/12/03 19:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ychou\Application Data\0CF85
[2011/07/20 11:39:01 | 027,081,592 | ---- | C] (Smith Micro Software, Inc.) -- C:\Program Files\VZAM_7.2.9_2470a_RIM.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ychou\Desktop\*.tmp files -> C:\Documents and Settings\ychou\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ychou\*.tmp files -> C:\Documents and Settings\ychou\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/17 20:37:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1655578845-672299723-1847928074-7577UA.job
[2011/12/17 16:46:32 | 000,161,219 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/17 11:37:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1655578845-672299723-1847928074-7577Core.job
[2011/12/17 10:24:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ychou\Local Settings\Application Data\WavXMapDrive.bat
[2011/12/17 10:24:18 | 000,190,474 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/17 10:24:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/17 10:18:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/17 10:17:51 | 000,505,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/17 10:17:51 | 000,089,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/17 10:13:56 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2011/12/17 10:13:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/17 10:12:53 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 16:38:09 | 000,054,644 | ---- | M] () -- C:\Documents and Settings\ychou\My Documents\utilities.zip
[2011/12/13 23:03:39 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/13 21:03:36 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 20:39:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/08 09:15:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 18:29:16 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/12/04 18:20:01 | 000,001,190 | -HS- | M] () -- C:\Documents and Settings\ychou\Local Settings\Application Data\0d16ps5l74g467
[2011/12/04 18:20:01 | 000,001,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d16ps5l74g467
[2011/11/26 12:53:32 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\ychou\My Documents\test_MCO_lines.csv
[2011/11/22 16:25:47 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\ychou\My Documents\table_export_missingWholesalers.csv
[2011/11/21 13:46:17 | 000,161,219 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ychou\Desktop\*.tmp files -> C:\Documents and Settings\ychou\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ychou\*.tmp files -> C:\Documents and Settings\ychou\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 10:13:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2011/12/15 16:38:09 | 000,054,644 | ---- | C] () -- C:\Documents and Settings\ychou\My Documents\utilities.zip
[2011/12/12 11:32:57 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1655578845-672299723-1847928074-7577UA.job
[2011/12/12 11:32:57 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1655578845-672299723-1847928074-7577Core.job
[2011/12/04 18:20:01 | 000,001,190 | -HS- | C] () -- C:\Documents and Settings\ychou\Local Settings\Application Data\0d16ps5l74g467
[2011/12/04 18:20:01 | 000,001,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d16ps5l74g467
[2011/12/03 21:17:22 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/03 21:12:31 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/03 21:12:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 12:50:43 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\ychou\My Documents\test_MCO_lines.csv
[2011/11/22 16:24:34 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\ychou\My Documents\table_export_missingWholesalers.csv
[2011/08/03 09:11:46 | 046,973,440 | ---- | C] () -- C:\Program Files\zaSetup_92_106_000_en.exe
[2011/07/17 23:18:29 | 001,767,668 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1655578845-672299723-1847928074-7577-0.dat
[2011/07/17 23:18:29 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/14 07:50:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 09:32:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5unistall.INI
[2011/06/15 12:42:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ychou\Local Settings\Application Data\WavXMapDrive.bat
[2011/03/30 03:10:04 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2010/07/28 15:09:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/08 15:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/07/08 13:50:25 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/08 13:50:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/08 13:50:25 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/12/19 19:28:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/19 18:01:08 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/19 17:30:39 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2008/12/19 17:20:25 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/12/19 14:39:09 | 000,157,008 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2008/12/19 14:39:03 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/12/19 14:16:03 | 000,161,219 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/12/19 14:12:29 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/19 14:12:28 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/19 14:12:28 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/19 14:12:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/19 14:12:27 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/19 14:12:26 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/19 14:12:24 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/19 14:12:23 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/19 13:53:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/19 13:49:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/19 05:45:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/19 05:44:16 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/09 17:17:12 | 000,652,800 | ---- | C] () -- C:\WINDOWS\System32\SMgina.dll
[2008/07/28 21:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/06/13 14:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/06/13 14:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/06/13 14:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/06/13 14:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/06/13 14:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/06/13 14:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/06/13 14:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/06/13 14:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/06/13 14:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/06/13 14:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/06/13 14:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/06/13 14:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/06/13 14:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/06/13 14:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/06/13 14:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/06/13 14:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/05/30 12:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/05/30 12:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/05/30 12:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/05/30 12:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/05/30 12:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/05/30 12:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/05/30 12:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/05/30 12:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/05/30 12:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/05/30 12:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/05/30 12:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/05/30 12:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/05/30 12:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/05/30 12:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/05/30 12:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/05/14 20:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,505,834 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,089,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/25 15:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 14:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/30 15:58:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 15:58:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

< End of report >

Attached Files

  • Attached File  OTL.Txt   103.66KB   88 downloads

  • 0

Advertisements

#2
Essexboy
Posted 18 December 2011 - 06:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there on completion of this run I would like a fresh OTL scan but this time select all users as they will need to be cleaned as well

You appear to have two Antivirus programmes - which is the main one you use ?

On completion try to update MSSE and windows

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC B8 AF 69 5C C5 08 49 8B AA 39 E6 56 D2 18 5C [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55273
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/12/03 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\85C18
    [2011/12/03 19:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/12/03 19:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ychou\Application Data\0CF85
    [2011/12/04 18:20:01 | 000,001,190 | -HS- | M] () -- C:\Documents and Settings\ychou\Local Settings\Application Data\0d16ps5l74g467
    [2011/12/04 18:20:01 | 000,001,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d16ps5l74g467

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Essexboy
Posted 22 December 2011 - 02:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP