Help with Alureon.fe nasty Trojan [Unsolved] [Closed]


  • This topic is locked

#1
Insau Tybo

So recently I got infected by Alureon.fe as indicated by MSE before my computer went totally nuts. By nuts I mean it would run extremely slow, no files, no desktop, continuous false alerts and rogue spyware scanning that could not be closed. I restored my system to a previous date 1/26/12 I believe, and the computer appears to be working ok now except some of my files are like lighter than more recent ones, I'm not sure how to explain it, it's kinda like when a file is invisible. Also, I still cannot turn on Windows Firewall, when I try to change to recommended settings it gives me 0x080070424 error. I only ran across this when I tried to update a game I play and it said something like could not connect to http server check firewall, and then I saw my firewall was turned off and I tried to turn it on but could not. So therefore I feel like Alureon.fe is still in my system and I know how tricky these kinds of trojans can be. I've tried scanning with MSE and TDS Microsoft Security Scanner but nothing shows up. Could someone please help?

Edited by Insau Tybo, 02 February 2012 - 03:08 PM.


#2
Insau Tybo

Also, I'm running Windows 7 64-bit.

#3
Insau Tybo

OTL logfile created on: 2/2/2012 4:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex Huang\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.38% Memory free
6.87 Gb Paging File | 4.86 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): C:\pagefile.sys 4222 4222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 79.14 Gb Free Space | 27.93% Space Free | Partition Type: NTFS

Computer Name: MINJUN-PC | User Name: Alex Huang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 16:10:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex Huang\Downloads\OTL.exe
PRC - [2012/01/10 00:38:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/01/13 13:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 13:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/20 09:52:21 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/07/13 20:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/27 12:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 12:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
PRC - [2005/10/28 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/12 03:30:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\82ca215f115529e1372218a8ca377ddb\System.Web.Services.ni.dll
MOD - [2012/01/12 03:29:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/01/10 00:38:36 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:45:23 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 02:45:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/13 02:36:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 02:36:04 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 02:35:51 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:35:51 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa42950143908bea4f88f3b9fd693e94\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/13 02:35:45 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 02:35:42 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 02:35:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 02:35:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 02:35:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 02:35:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 02:35:13 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/22 17:49:42 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/26 12:41:40 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/27 18:29:51 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2011/01/13 13:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 13:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 13:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 13:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 13:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 13:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 13:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 13:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 13:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/11/17 12:16:34 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010/09/16 15:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/07 11:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 11:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 11:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 11:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 11:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/04/27 12:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 12:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 11:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 11:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 11:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll
MOD - [2007/04/30 07:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 07:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 07:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 07:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 16:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/06/14 19:12:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/25 08:42:22 | 000,034,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:42:12 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2010/10/02 21:19:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/20 09:57:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/25 08:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/25 15:53:05 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/16 14:20:51 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/14 19:48:02 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/26 19:13:24 | 001,206,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fut11info.nl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.http: "216.48.80.12"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex Huang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alex Huang\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Alex Huang\AppData\Roaming\5005 [2012/01/29 23:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/30 00:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/30 00:28:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Alex Huang\AppData\Roaming\5005 [2012/01/29 23:54:06 | 000,000,000 | ---D | M]

[2010/08/28 17:46:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Extensions
[2010/08/28 17:46:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/01 17:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Firefox\Profiles\nu88bg46.default\extensions
[2012/01/30 00:39:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Firefox\Profiles\nu88bg46.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/19 16:40:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/14 15:02:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2012/01/29 23:54:06 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX HUANG\APPDATA\ROAMING\5005
() (No name found) -- C:\USERS\ALEX HUANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NU88BG46.DEFAULT\EXTENSIONS\[email protected]
[2012/01/10 00:38:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/13 09:42:41 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/01/01 03:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 17:03:17 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/14 00:20:54 | 000,000,876 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 gs.apple.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found
O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [P2kAutostart] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Alex Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: 将链接目标转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 将链接目标追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: 将链接目标转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 将链接目标追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94BC0005-4FBA-4B56-961E-6F29181CF2AA}: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DDF972B-2BFA-4DE2-9F42-6902217FC5B4}: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0CBB058-CB57-4AFF-AEAF-51250DCD9F7F}: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCB2A001-C3AC-4943-86F7-3F71F8EEB9E4}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Alex Huang\AppData\Roaming\appconf32.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 23:19:35 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/29 21:19:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/28 22:27:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\INCA Shared
[2012/01/28 21:48:09 | 000,000,000 | ---D | C] -- C:\ijji
[2012/01/28 21:48:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2012/01/28 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Roaming\ijjigame
[2012/01/28 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REACTOR
[2012/01/24 23:17:49 | 000,000,000 | -H-D | C] -- C:\Users\Alex Huang\Tracing
[2012/01/24 22:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/01/24 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012/01/24 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012/01/21 21:11:37 | 000,000,000 | -H-D | C] -- C:\Users\Alex Huang\AppData\Local\Chromium
[2012/01/21 17:05:39 | 000,000,000 | -H-D | C] -- C:\Users\Alex Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/21 17:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/21 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\Documents\Heroes of Newerth
[2012/01/21 17:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010/08/28 15:18:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2010/08/28 15:18:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2010/08/28 15:18:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2010/08/28 15:18:31 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2010/08/28 15:18:30 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2010/08/28 15:18:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2010/08/28 15:18:30 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
[2010/08/28 15:18:30 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
[2010/08/28 15:18:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2010/08/28 15:18:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
[2010/08/28 15:18:29 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2010/08/28 15:18:29 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
[2010/08/28 15:18:29 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2010/08/28 15:18:28 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2010/08/28 15:18:28 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
[2 C:\Users\Alex Huang\AppData\Roaming\*.tmp files -> C:\Users\Alex Huang\AppData\Roaming\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,668,672 | ---- | M] (FragSoft) -- C:\Windows\SysNative\ISDone.dll
[2012/02/02 16:05:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 15:50:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 15:50:49 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2012/02/02 15:50:48 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 15:50:39 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1147797363-89902876-126264869-1003UA.job
[2012/02/01 22:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1147797363-89902876-126264869-1003Core.job
[2012/02/01 18:41:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 18:41:10 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 16:37:36 | 000,000,402 | ---- | M] () -- C:\Users\Alex Huang\Desktop\repair.bat
[2012/01/30 01:20:23 | 2213,896,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 23:21:10 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat
[2012/01/29 21:04:48 | 000,000,448 | -H-- | M] () -- C:\ProgramData\ugCpkmLnoQwbWz
[2012/01/29 21:03:43 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~ugCpkmLnoQwbWz
[2012/01/29 21:03:43 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~ugCpkmLnoQwbWzr
[2012/01/24 22:24:34 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/01/24 20:18:22 | 000,001,356 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Free YouTube to MP3 Converter.lnk
[2012/01/22 20:10:45 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/01/22 20:10:45 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/01/21 17:05:42 | 000,001,907 | ---- | M] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2012/01/21 17:05:42 | 000,001,883 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Heroes of Newerth.lnk
[2012/01/20 00:56:44 | 000,058,291 | -H-- | M] () -- C:\Users\Alex Huang\Desktop\Walmart-Gift-Card.jpg
[2012/01/12 03:07:17 | 000,780,450 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/12 03:07:17 | 000,665,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 03:07:17 | 000,123,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 03:07:09 | 000,780,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 00:38:49 | 000,002,050 | ---- | M] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Users\Alex Huang\AppData\Roaming\*.tmp files -> C:\Users\Alex Huang\AppData\Roaming\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 16:37:35 | 000,000,402 | ---- | C] () -- C:\Users\Alex Huang\Desktop\repair.bat
[2012/01/30 07:20:30 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2012/01/29 23:21:10 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat
[2012/01/29 21:03:43 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~ugCpkmLnoQwbWz
[2012/01/29 21:03:43 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~ugCpkmLnoQwbWzr
[2012/01/29 21:03:39 | 000,000,448 | -H-- | C] () -- C:\ProgramData\ugCpkmLnoQwbWz
[2012/01/24 22:24:34 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/01/22 20:10:45 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/01/22 20:10:45 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/01/22 20:10:45 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/01/21 17:05:42 | 000,001,907 | ---- | C] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2012/01/21 17:05:42 | 000,001,883 | ---- | C] () -- C:\Users\Alex Huang\Desktop\Heroes of Newerth.lnk
[2012/01/20 00:56:35 | 000,058,291 | -H-- | C] () -- C:\Users\Alex Huang\Desktop\Walmart-Gift-Card.jpg
[2011/09/24 10:47:50 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/25 13:55:16 | 000,181,632 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/14 23:48:59 | 000,001,456 | -H-- | C] () -- C:\Users\Alex Huang\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/14 23:23:39 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/23 16:31:04 | 000,780,450 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 07:35:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/07 16:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\Game (2).INI
[2011/01/07 16:56:58 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2010/09/26 21:03:35 | 000,000,178 | -H-- | C] () -- C:\Users\Alex Huang\AppData\Roaming\wklnhst.dat
[2010/08/28 20:15:21 | 000,003,584 | ---- | C] () -- C:\Users\Alex Huang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 18:25:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/28 15:18:33 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2010/08/28 15:18:33 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2009/12/18 20:13:39 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/18 20:13:39 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2009/12/18 20:09:01 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/12/18 20:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/12/18 20:09:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009/12/18 20:08:57 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2009/12/18 20:07:18 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/11/20 11:48:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== LOP Check ==========

[2011/02/16 23:32:15 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\.minecraft
[2012/01/29 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\5005
[2012/01/30 00:39:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Audacity
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Catalina Marketing Corp
[2010/09/25 15:29:02 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\[bleep]
[2011/06/14 22:47:41 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\DAEMON Tools Pro
[2012/01/24 20:18:33 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoft
[2011/07/22 17:55:45 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/29 23:54:07 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Electronic Arts
[2011/03/06 15:20:30 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\GameTuts
[2010/12/30 01:03:03 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\GetRightToGo
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\gtk-2.0
[2012/01/30 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\ijjigame
[2011/06/14 23:24:11 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Leawo
[2011/06/14 23:24:12 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Leawo Video2PC
[2010/09/26 22:13:07 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Lexmark Productivity Studio
[2012/01/30 07:10:36 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\LimeWire
[2011/07/24 14:27:22 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\LolClient
[2011/12/21 21:46:40 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Marvell
[2011/06/14 23:24:12 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Moyea
[2011/10/27 12:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\PC Suite
[2010/11/30 20:33:24 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Red Kawa
[2010/11/30 19:58:28 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Regensoft
[2011/10/27 12:53:00 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Samsung
[2012/01/30 00:39:53 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\SystemRequirementsLab
[2010/09/26 21:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Template
[2011/09/24 23:02:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Uniblue
[2012/01/30 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\uTorrent
[2010/11/30 20:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Video Wallpaper
[2011/05/19 14:11:36 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\xmldm
[2011/05/11 02:21:19 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DE6EED8B
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:3790BACD

< End of report >

Edited by Insau Tybo, 02 February 2012 - 03:22 PM.


#4
Insau Tybo

OTL Extras logfile created on: 2/2/2012 4:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex Huang\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.38% Memory free
6.87 Gb Paging File | 4.86 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): C:\pagefile.sys 4222 4222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 79.14 Gb Free Space | 27.93% Space Free | Partition Type: NTFS

Computer Name: MINJUN-PC | User Name: Alex Huang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6E2FA73-B2A7-8223-98EC-685E2E8F6CE0}" = ccc-utility64
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"Lexmark 2500 Series" = Lexmark 2500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A169B94-4AF2-AD4B-1265-E1074A347418}" = Catalyst Control Center Core Implementation
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F15BB9F-7E5E-A355-FA8E-C2164726E577}" = CCC Help Portuguese
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{277832E3-0A34-C91C-D344-2FED4C847397}" = CCC Help German
"{279355E6-EE94-A7A5-F6B5-2903748443AE}" = Catalyst Control Center Graphics Full New
"{290AC453-D1F4-F73B-F01C-0018BC10B62B}" = ccc-core-static
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{39A3C9DD-457C-5BF1-4B2D-A76927264B26}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AC4AE26-732F-40DE-CC6C-A4BFC2142BF8}" = CCC Help English
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{665B3CA4-DAB1-D27E-6727-0BEF6593E882}" = CCC Help Greek
"{674AD787-B463-ED3E-CCA8-4F49A9C1785D}" = Catalyst Control Center Localization All
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{7009600B-85C8-5D83-1101-6446540F1897}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7305AE01-CD11-18B5-DC5F-B1A2960935C3}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83BBF5E6-004F-1DBA-EC29-1033B675831B}" = CCC Help Thai
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8508FB72-89A3-41FD-DE33-9EEBFB298947}" = CCC Help Italian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.OUTLOOK_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.OUTLOOK_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97835E04-BA21-6878-768F-1B84EA2ADAC1}" = CCC Help Norwegian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A192CA8A-5259-ECD5-1564-AB715B722432}" = CCC Help Japanese
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-2052-0000-7760-000000000004}" = Adobe Acrobat 9 Pro - ChineseS
"{AC76BA86-2052-0000-7760-000000000004}{AC76BA86-2052-0000-7760-000000000004}" = Adobe Acrobat 9 Pro - ChineseS
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B31327DF-2B59-F072-8B44-79CDE915D75E}" = CCC Help Danish
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B41423C9-C260-F8C8-39DD-541400ECF367}" = CCC Help French
"{B95T9A00-40176-4AC6-N973-5A8AB71A09DJ}_is1" = GTA IV + EFLC version 1.5
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BA6D1B6E-5348-49D5-A8AC-F7AF268C0AEB}" = Brother HL-5240
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6CBE669-DDCA-DB7F-236D-18B20BEFF1B5}" = CCC Help Chinese Traditional
"{CA7D81F8-5661-3D97-F6B0-5E0993511A5D}" = CCC Help Finnish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D069C7EF-001B-5378-9F71-F005DE42E255}" = Catalyst Control Center Graphics Light
"{D2A7D7D8-1E27-8464-6666-44B6FB83B3FC}" = CCC Help Czech
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D86DE1ED-9BF1-6101-6D08-2D762B28D8C8}" = CCC Help Korean
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E1A8F958-D748-63DD-F2D2-82BE71B0F905}" = CCC Help Hungarian
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40A74A2-D821-2442-CCA3-75C54964D525}" = Catalyst Control Center Graphics Full Existing
"{E43ACD6B-0E7E-4F4C-0BA8-999FCB5FC5B9}" = CCC Help Chinese Standard
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E9684BDD-32A6-550C-6456-0A4209EB4F3A}" = CCC Help Russian
"{F05F2DB5-4300-C318-4560-08CD9E35F512}" = CCC Help Spanish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D038D6-6229-AA2E-A8D1-43EED2CBF0BD}" = CCC Help Swedish
"{F322850C-6CCB-FC54-D36D-0F4E1CC90CBF}" = Skins
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F527F14E-B80A-5BE7-DC85-8BF2D172067F}" = CCC Help Turkish
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF4F3E30-6638-6A16-2A68-139F6C613233}" = Catalyst Control Center Graphics Previews Vista
"{FFB07785-9FC3-334F-A54F-AC8D5B471EAE}" = Catalyst Control Center InstallProxy
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AviSynth" = AviSynth 2.5
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cooking Dash 2- DinerTown Studios ." = Cooking Dash 2- DinerTown Studios .
"Cooking Dash 3 Thrills and Spills Collectors Edition 1.00" = Cooking Dash 3 Thrills and Spills Collectors Edition 1.00
"Diaper Dash1.0" = Diaper Dash
"Diner Town Detective Agency ." = Diner Town Detective Agency .
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"IconPackager" = IconPackager
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 2500 Series" = Lexmark 2500 Series
"LimeWire" = LimeWire 5.4.6
"LOLReplay" = LOLReplay
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Piggly (Christmas Edition) demo_is1" = Piggly (Christmas Edition) demo v1.12
"PowerISO" = PowerISO
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.0
"Wedding Dash - Ready Aim Love1.0.94" = Wedding Dash - Ready Aim Love
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WinZip" = WinZip
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.0.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=21,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=13,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=21,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=31913, vendorId=0, vendorType=0

Error - 2/1/2012 6:29:29 PM | Computer Name = Minjun-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=31913, vendorId=0, vendorType=0

Error - 2/2/2012 5:12:04 PM | Computer Name = Minjun-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: bb8 Start Time:
01cce1ef29c5ce04 Termination Time: 6 Application Path: C:\Users\Alex Huang\Downloads\OTL.exe

Report
Id: 78def698-4de2-11e1-ba39-002564d735c9

[ Dell Events ]
Error - 7/22/2011 6:55:50 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/22/2011 7:56:15 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/22/2011 7:56:15 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/29/2011 8:00:13 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/29/2011 8:00:13 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/29/2011 8:59:47 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/29/2011 8:59:47 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/5/2011 9:20:13 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/5/2011 9:20:13 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/22/2011 7:54:17 PM | Computer Name = Minjun-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 9/6/2011 5:05:14 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 5:05:14 PM - Error connecting to the internet. 5:05:14 PM - Unable
to contact server..

Error - 9/6/2011 5:06:03 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 5:06:01 PM - Error connecting to the internet. 5:06:01 PM - Unable
to contact server..

Error - 9/16/2011 4:10:28 AM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 4:10:24 AM - Error connecting to the internet. 4:10:24 AM - Unable
to contact server..

Error - 9/16/2011 5:10:36 AM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 5:10:35 AM - Error connecting to the internet. 5:10:35 AM - Unable
to contact server..

Error - 9/16/2011 6:10:44 AM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 6:10:43 AM - Error connecting to the internet. 6:10:43 AM - Unable
to contact server..

Error - 9/16/2011 7:10:53 AM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 7:10:51 AM - Error connecting to the internet. 7:10:51 AM - Unable
to contact server..

Error - 11/4/2011 4:09:26 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 4:09:26 PM - Error connecting to the internet. 4:09:26 PM - Unable
to contact server..

Error - 11/4/2011 4:10:01 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 4:09:55 PM - Error connecting to the internet. 4:09:55 PM - Unable
to contact server..

Error - 1/22/2012 4:56:09 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 3:56:08 PM - Error connecting to the internet. 3:56:08 PM - Unable
to contact server..

Error - 1/22/2012 4:57:21 PM | Computer Name = Minjun-PC | Source = MCUpdate | ID = 0
Description = 3:56:38 PM - Error connecting to the internet. 3:56:38 PM - Unable
to contact server..

[ System Events ]
Error - 1/30/2012 8:10:03 AM | Computer Name = Minjun-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 1/30/2012 8:13:38 AM | Computer Name = Minjun-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%858

Error - 1/31/2012 1:41:21 PM | Computer Name = Minjun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/31/2012 1:41:29 PM | Computer Name = Minjun-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.930.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 1/31/2012 1:41:29 PM | Computer Name = Minjun-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.930.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 1/31/2012 1:56:25 PM | Computer Name = Minjun-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%858

Error - 1/31/2012 7:58:40 PM | Computer Name = Minjun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 2/1/2012 5:36:00 PM | Computer Name = Minjun-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%858

Error - 2/1/2012 5:38:17 PM | Computer Name = Minjun-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 2/1/2012 5:38:17 PM | Computer Name = Minjun-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.


< End of report >

Edited by Insau Tybo, 02 February 2012 - 03:22 PM.


#5
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
Can someone verify whether or not I have a virus? Because I don't think system restore would have gotten rid of Alureon...

#6
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, Insau Tybo! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav

#7
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
ok thank you so much :)

#8
CompCav

    Member 5k

  • Expert
  • 12,454 posts
P2P Warning!:

IMPORTANT: I have noticed that there are signs of Limewire and uTorrent P2P (Person to Person) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Limewire and uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Registry Cleaner warning:

Also, I see you have the Uniblue products loaded on your machine. Registry cleaners at best do nothing and at worst can make your machine unbootable; we recommend that you also uninstall these products.

If you wish to keep them, please do not use either of them until your computer is cleaned.



Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.



Step 2.

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..network.proxy.http: "216.48.80.12"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.type: 0
    [2012/01/29 23:54:06 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX HUANG\APPDATA\ROAMING\5005
    () (No name found) -- C:\USERS\ALEX HUANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NU88BG46.DEFAULT\EXTENSIONS\[email protected]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [P2kAutostart] File not found
    O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
    O4 - Startup: C:\Users\Alex Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Alex Huang\AppData\Roaming\appconf32.exe) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    [2012/01/29 21:04:48 | 000,000,448 | -H-- | M] () -- C:\ProgramData\ugCpkmLnoQwbWz
    [2012/01/29 21:03:43 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~ugCpkmLnoQwbWz
    [2012/01/29 21:03:43 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~ugCpkmLnoQwbWzr
    [2012/01/30 07:10:36 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\LimeWire
    [2011/09/24 23:02:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex Huang\AppData\Roaming\Uniblue
    [2012/01/30 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\uTorrent
    
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [createrestorepoint]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 3.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 4.

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.txt
  • Post OTL.txt


Step 5.

Please Post:

all RkReport.txt files
OTL fix log
aswMBR log
OTL.txt



How is your computer doing?

Edited by CompCav, 05 February 2012 - 09:56 PM.

  • 0

#9
Insau Tybo

  • Topic Starter
I will take your advice and delete uTorrent but I do not have limewire anymore. Also I will delete Uniblue.

My computer is doing fine atm besides the fact that I can't turn on the firewall (which makes me believe alureon is still in my pc) and I can't play an online because of some firewall problem I believe.

I will run the scans and follow up shortly.
  • 0

#10
Insau Tybo

  • Topic Starter
RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Alex Huang [Admin rights]
Mode: Scan -- Date : 02/02/2012 17:29:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
74.208.10.249 gs.apple.com
127.0.0.1 gs.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 1819d8e6143c56683717be359b0015ef
[BSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0



#11
Insau Tybo

  • Topic Starter
RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Alex Huang [Admin rights]
Mode: Remove -- Date : 02/02/2012 17:33:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
74.208.10.249 gs.apple.com
127.0.0.1 gs.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 1819d8e6143c56683717be359b0015ef
[BSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0
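The two RogueKiller reports above can be compared mechanically to confirm what the Remove pass actually changed. This is an added example, not part of the thread or of RogueKiller itself; the function names `parse` and `unresolved` are the example's own, and the line layout is assumed only from the two reports posted here.

```python
import re

# Abridged from the Scan and Remove reports posted above (first three registry lines + HOSTS section).
SCAN = r"""
¤¤¤ Registry Entries: 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
74.208.10.249 gs.apple.com
127.0.0.1 gs.apple.com
"""
REMOVE = r"""
¤¤¤ Registry Entries: 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
¤¤¤ HOSTS File: ¤¤¤
74.208.10.249 gs.apple.com
127.0.0.1 gs.apple.com
"""

REG = re.compile(r"^\[(\w+)\] (\S+) : (\S+) \((\w+)\) -> (\w+)(?: \((\w+)\))?$")
HOST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

def parse(report):
    """Return (registry findings keyed by (key, value), hosts entries) for one report."""
    reg, hosts, section = {}, [], None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("¤¤¤"):  # section banner, e.g. "¤¤¤ HOSTS File: ¤¤¤"
            section = line.strip("¤ ").split(":")[0].strip()
        elif section == "Registry Entries" and (m := REG.match(line)):
            tag, key, value, data, action, new = m.groups()
            reg[(key, value)] = {"tag": tag, "data": data, "action": action, "new": new}
        elif section == "HOSTS File" and (m := HOST.match(line)):
            hosts.append(m.groups())
    return reg, hosts

def unresolved(scan_text, remove_text):
    """Scan findings not deleted/replaced by the remove pass, and hosts entries still listed."""
    scan_reg, scan_hosts = parse(scan_text)
    rem_reg, rem_hosts = parse(remove_text)
    left = [k for k in scan_reg
            if rem_reg.get(k, {}).get("action") not in ("DELETED", "REPLACED")]
    kept_hosts = [h for h in scan_hosts if h in rem_hosts]
    return left, kept_hosts
```

On these reports every registry finding is resolved, while both HOSTS entries appear unchanged in the Remove report, so the HOSTS file still needs separate review.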

#12
Insau Tybo

  • Topic Starter
Also, are there supposed to be 3 reports or 2? Because I can only find 2 on my desktop.
  • 0

#13
CompCav

  • Expert
Need to click the ShortcutsFix button.
  • 0

#14
Insau Tybo

  • Topic Starter
Oh, I just realized it says shortcuts repairing... still

it seems to be stuck on this stage

Edited by Insau Tybo, 02 February 2012 - 04:49 PM.

  • 0

#15
Insau Tybo

  • Topic Starter
should I close RogueKiller and rerun shortcuts fix?
  • 0





