Inactive Another redirection virus case

Discussion in 'Malware and Virus Removal Archive' started by superpig10000, 2011/01/03.

Thread Status:
Not open for further replies.
  1. 2011/01/03
    superpig10000


    Any help would be greatly appreciated. Thank you!

    I have run TDSSKiller, Microsoft Security Essentials, Hitman Pro, etc. A number of trojans/malware have been removed but not all of them apparently. Also, some of them seem to pop up again after a while.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5447

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    1/3/2011 11:19:13 PM
    mbam-log-2011-01-03 (23-19-13).txt

    Scan type: Quick scan
    Objects scanned: 153726
    Time elapsed: 13 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 8
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Baidu (Adware.Bdsearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Value: {B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmi32 (Trojan.Downloader) -> Value: wmi32 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update System (Trojan.Agent) -> Value: Windows Update System -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update System (Trojan.Agent) -> Value: Windows Update System -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\Windows Update System (Trojan.Backdoor) -> Value: Windows Update System -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\windows\system32\drivers\ejnnfk.sys (Trojan.Bubnix.Gen) -> Quarantined and deleted successfully.
    c:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\anh nguyen\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    GMER


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-04 00:14:13
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC1O
    Running: em1b3gje.exe; Driver: C:\Users\ANHNGU~1\AppData\Local\Temp\pwroapob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\ejnnfk.sys A device attached to the system is not functioning. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[3376] Explorer.EXE 0021290F 2 Bytes [C0, 14]
    .text C:\Windows\Explorer.EXE[3376] Explorer.EXE 00212930 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
    .text C:\Windows\Explorer.EXE[3376] kernel32.dll!CreateProcessInternalW 76DFE42D 5 Bytes JMP 001F7247

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8BC29478

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] ejnnfk <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BthPort\Parameters\Keys\00225f21f3d3 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00225f21f3d3 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\ejnnfk@wxroe -792123947
    Reg HKLM\SYSTEM\ControlSet002\Services\ejnnfk@Type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\ejnnfk@Start 0
    Reg HKLM\SYSTEM\ControlSet002\Services\ejnnfk@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\ejnnfk@Group Boot Bus Extender
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f21f3d3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ejnnfk@wxroe -792123947
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ejnnfk@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ejnnfk@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ejnnfk@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ejnnfk@Group Boot Bus Extender

    ---- EOF - GMER 1.0.15 ----






    MBR Check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Latitude E6400
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 155):

    Processes (total 97):
    0 System Idle Process
    4 System
    628 C:\Windows\System32\smss.exe
    692 csrss.exe
    728 csrss.exe
    736 C:\Windows\System32\wininit.exe
    784 C:\Windows\System32\services.exe
    812 C:\Windows\System32\lsass.exe
    820 C:\Windows\System32\lsm.exe
    980 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\nvvsvc.exe
    1048 C:\Windows\System32\svchost.exe
    1080 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1176 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\svchost.exe
    1256 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe
    1344 C:\Windows\System32\winlogon.exe
    1500 C:\Windows\System32\audiodg.exe
    1548 C:\Windows\System32\SLsvc.exe
    1608 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\nvvsvc.exe
    1788 C:\Windows\System32\svchost.exe
    1968 C:\Windows\System32\wlanext.exe
    368 C:\Windows\System32\spoolsv.exe
    428 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    472 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    672 C:\Windows\System32\svchost.exe
    2468 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe
    2484 C:\xampp\apache\bin\httpd.exe
    2504 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2520 C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    2540 C:\Program Files\Bonjour\mDNSResponder.exe
    2568 C:\Windows\System32\svchost.exe
    2588 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2624 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2644 C:\xampp\FileZillaFTP\FileZilla Server.exe
    2772 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    2856 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    2888 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2912 C:\xampp\mysql\bin\mysqld.exe
    2952 C:\Windows\System32\svchost.exe
    2964 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2980 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3052 C:\Windows\System32\svchost.exe
    3092 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    3236 C:\Windows\System32\dwm.exe
    3292 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3312 C:\Windows\System32\svchost.exe
    3368 C:\Windows\System32\SearchIndexer.exe
    3376 C:\Windows\explorer.exe
    3432 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3476 C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
    3612 WmiPrvSE.exe
    3744 C:\Program Files\DellTPad\Apoint.exe
    3800 C:\Program Files\IDT\WDM\sttray.exe
    3808 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3828 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    3836 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    3844 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    3864 C:\Windows\System32\rundll32.exe
    3892 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3904 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3928 C:\Program Files\iTunes\iTunesHelper.exe
    3936 C:\Program Files\Microsoft Security Client\msseces.exe
    3944 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3960 C:\Users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe
    4000 C:\Program Files\UniKey\UniKey.exe
    4008 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    2192 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    724 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    2132 C:\xampp\apache\bin\httpd.exe
    3284 C:\Windows\System32\wbem\unsecapp.exe
    4548 C:\Windows\System32\taskeng.exe
    4848 C:\Program Files\DellTPad\ApMsgFwd.exe
    5020 C:\Program Files\DellTPad\hidfind.exe
    5028 C:\Program Files\DellTPad\ApntEx.exe
    5692 C:\Program Files\iPod\bin\iPodService.exe
    2312 C:\Users\Anh Nguyen\Calibre Library\Downloads\em1b3gje.exe
    4876 C:\Windows\System32\wuauclt.exe
    5388 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    5316 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    3176 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    4644 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    3568 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    3916 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    2396 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    3400 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    5064 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    2336 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    5596 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    3500 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    1444 C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    2992 C:\Windows\System32\SearchProtocolHost.exe
    3664 C:\Windows\System32\SearchFilterHost.exe
    3200 C:\Users\Anh Nguyen\Calibre Library\Downloads\MBRCheck.exe
    5928 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`86600000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06600000 (NTFS)

    PhysicalDrive0 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive0 (32)


    Done!
     
    Last edited: 2011/01/03
  2. 2011/01/03
    superpig10000

    DDS.txt:



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Anh Nguyen at 0:21:08.73 on Tue 01/04/2011
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.3571.1751 [GMT 9:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\xampp\FileZillaFTP\FileZilla server.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\UniKey\UniKey.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Anh Nguyen\Calibre Library\Downloads\em1b3gje.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Anh Nguyen\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeo2.dll
    mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeo2.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeo2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeo2.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Google Update] "c:\users\anh nguyen\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [UniKey] c:\program files\unikey\UniKey.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe "
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [eBook Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [JP595IR86O] c:\windows\temp\Gnp.exe
    dRun: [Windows Update System] c:\windows\system32\config\systemprofile\appdata\roaming\svchost.exe
    dRun: [btewejvq] c:\windows\temp\wpeecokwh\mxtpcnhlajb.exe
    StartupFolder: c:\users\anhngu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\anhngu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\anh nguyen\appdata\local\temp\{33600947-4941-46a7-a818-ffdd60ac87aa}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
    StartupFolder: c:\users\anhngu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: {31BDCCD7-808E-47D6-8BCB-51566A9A2EFC} = 8.8.8.8,8.8.4.4
    TCP: {69C32289-F5C8-4FAF-B2A8-DED95673443C} = 10.16.80.1
    TCP: {8AAE3EC2-1FC5-4268-B3D9-4F156EFF07CE} = 8.8.8.8,8.8.4.4
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\anhngu~1\appdata\roaming\mozilla\firefox\profiles\b5hozrro.default\
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\anh nguyen\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\anh nguyen\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\anh nguyen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\anh nguyen\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\anh nguyen\appdata\roaming\Move Networks

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_38163857\AEstSrv.exe [2009-4-28 81920]
    R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-4 382232]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-4-17 29416]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-30 320800]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-23 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-23 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-7 443168]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-3 24652]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-1-23 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-4-28 224384]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-25 3666432]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-4-28 144672]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-4-28 277440]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-28 29736]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-3 16968]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2011-01-03 15:14:26 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{7e298458-abce-4c1c-aa85-ccf876913023}\mpengine.dll
    2011-01-03 07:35:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-01-03 07:35:16 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-01-03 07:34:46 134464 ----a-w- c:\windows\system32\LnkProtect.dll
    2011-01-03 07:34:21 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{93dd4d74-5f72-49cf-b369-cff0afb2e5c1}\gapaengine.dll
    2011-01-03 06:33:49 -------- d-----w- c:\progra~2\Hitman Pro
    2011-01-03 03:36:44 -------- d-----w- c:\users\anhngu~1\appdata\local\Sunbelt Software
    2011-01-02 15:26:11 -------- d-----w- c:\users\anhngu~1\appdata\roaming\Malwarebytes
    2011-01-02 15:26:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-02 15:26:03 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-02 15:26:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-02 15:25:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-02 13:42:07 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-01-02 13:30:47 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-02 12:44:27 480 ----a-w- c:\users\anh nguyen\TakeControlOf.cmd
    2011-01-02 12:32:15 -------- d--h--w- c:\windows\PIF
    2010-12-31 08:41:27 6273872 ------w- c:\progra~2\microsoft\windows defender\definition updates\{f324357c-1be6-4e2b-bd51-53b62dacba25}\mpengine.dll
    2010-12-29 05:52:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2010-12-28 11:08:18 -------- d-----w- c:\program files\ConduitEngine
    2010-12-26 17:01:29 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-12-26 17:01:29 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2010-12-26 17:01:29 496640 ----a-w- c:\windows\system32\xvid.ax
    2010-12-26 17:01:28 -------- d-----w- c:\program files\Aimersoft
    2010-12-26 15:04:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-12-26 15:04:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-12-20 13:51:15 -------- d-----w- c:\program files\iPod
    2010-12-20 13:51:14 -------- d-----w- c:\program files\iTunes
    2010-12-20 13:51:14 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-20 13:44:04 -------- d-----w- c:\program files\Bonjour
    2010-12-20 09:31:00 40960 ----a-r- c:\users\anhngu~1\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-12-20 09:31:00 40960 ----a-r- c:\users\anhngu~1\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
    2010-12-20 09:30:57 -------- d-----w- c:\program files\Project64 1.6
    2010-12-14 13:37:05 -------- d-----w- c:\users\anhngu~1\appdata\roaming\JAM Software
    2010-12-14 13:37:04 -------- d-----w- c:\program files\JAM Software
    2010-12-11 12:25:49 -------- d-----w- c:\users\anhngu~1\appdata\roaming\Local
    2010-12-11 12:20:15 -------- d-----w- c:\progra~2\DivX

    ==================== Find3M ====================

    2010-11-29 08:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 08:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 09:11:38 2396061423 ----a-w- c:\program files\VindictusSetupV109.exe
    2010-10-19 01:33:14 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-10-11 21:52:44 4172888 ----a-w- c:\windows\system32\GameMon.des
    2010-10-07 03:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 03:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 03:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-05-06 22:03:40 454656 ----a-w- c:\program files\putty.exe

    ============= FINISH: 0:22:14.58 ===============



    Attach.txt



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/28/2009 7:39:41 AM
    System Uptime: 1/3/2011 11:30:40 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0RX495
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 72 GiB total, 15.023 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 1.364 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0001
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0001
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0006
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0006
    Service: tunnel

    ==== System Restore Points ===================

    RP661: 1/2/2011 11:52:00 PM - Microsoft Antimalware Checkpoint
    RP662: 1/3/2011 11:31:26 AM - Windows Update
    RP663: 1/3/2011 4:11:02 PM - Restore Operation
    RP664: 1/3/2011 4:34:52 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    3DMark06
    A-PDF Split 2.6
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AIM 7
    Aimersoft Audio Converter(Build 1.1.52)
    Aimersoft DVD Creator(Build 1.1.52)
    Aimersoft DVD Ripper(Build 1.1.52)
    Aimersoft DVD Studio Pack(Build 1.1.52)
    Aimersoft Video Converter(Build 1.1.52)
    All Day Battery Life Configuration
    Ambient Light Sensor
    Anki
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE
    Audacity 1.2.6
    AutoUpdate
    Bandisoft MPEG-1 Decoder
    BioAPI Framework
    biolsp patch
    Bonjour
    Broadcom USH Host Components
    calibre
    Carambis Driver Updater
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    DCP32MMWrapper
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Getting Started Guide
    Dell Security Device Driver Pack
    Dell Touchpad
    Dell Webcam Central
    DivX Codec
    DivX Player
    DivX Version Checker
    DivX Web Player
    Document Manager Lite
    Download Updater (AOL LLC)
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    FIFA 10
    Gemalto
    Google Chrome
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 1.17
    Integrated Webcam Driver (1.03.02.0919)
    Intel PROSet Wireless
    Intel(R) Network Connections 13.0.42.0
    Intel(R) PRO Alerting Agent
    Intel(R) PROSet/Wireless WiFi API
    Intel(R) PROSet/Wireless WiFi Driver
    Intel® Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    K-Lite Codec Pack 5.0.5 (Full)
    LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MLBDugoutHeroes
    Move Media Player
    Mozilla Firefox (3.5.16)
    Mozilla Thunderbird (2.0.0.23)
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nexon Game Manager
    Nokia Connectivity Cable Driver
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    Pando Media Booster
    PC Connectivity Solution
    PDFCreator
    PowerDVD
    PowerISO
    Preboot Manager
    Private Information Manager
    Project64 1.6
    PRS-500 USB driver
    QuickTime
    Reader Library by Sony
    RealPlayer
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Secure Update
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Wizards
    Skype Toolbars
    Skype™ 4.2
    SO32MMWrapper
    Sonic CinePlayer Decoder Pack
    SopCast 3.2.4
    StreamTorrent 1.0
    SyncToy 2.0 (x86)
    System Requirements Lab
    TimeLeft
    TreeSize Free V2.5
    Trusted Drive Manager
    UniKey 3.63
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    VC80CRTRedist - 8.0.50727.762
    Veetle TV 0.9.15
    Veoh Web Player
    Veoh Web Player Toolbar
    Viewpoint Media Player
    VLC media player 0.9.9
    Wakan 1.67
    Wave Infrastructure Installer
    Wave Support Software
    WIDCOMM Bluetooth Software 6.1.0.4402
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Write-N-Cite
    Xming-fonts 7.4.0.3
    Xming 6.9.0.31
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    12/29/2010 6:06:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    12/29/2010 4:37:54 PM, Error: Service Control Manager [7030] - The Quick Heal Total Security Mail Protection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/29/2010 4:37:50 PM, Error: Service Control Manager [7030] - The Total Security Helper Service WSC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/29/2010 4:36:52 PM, Error: Service Control Manager [7030] - The Online Protection System service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/29/2010 12:01:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:00:01 PM on 12/29/2010 was unexpected.
    12/29/2010 11:58:35 AM, Error: Service Control Manager [7022] - The TdmService service hung on starting.
    12/28/2010 8:24:23 PM, Error: Service Control Manager [7034] - The Google Update Service service terminated unexpectedly. It has done this 1 time(s).
    12/28/2010 12:29:14 AM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    12/28/2010 12:00:40 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    12/28/2010 12:00:40 PM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
    1/3/2011 4:35:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3130.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/3/2011 4:35:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3130.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/3/2011 4:35:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3130.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/3/2011 4:28:27 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    1/3/2011 4:13:26 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{90ff64c0-337b-11de-b01e-806e6f6e6963}\System Volume Information\SystemRestore\New-system' was corrupted and it has been recovered. Some data might have been lost.
    1/3/2011 12:36:39 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/3/2011 11:31:02 PM, Error: EventLog [6008] - The previous system shutdown at 11:29:27 PM on 1/3/2011 was unexpected.
    1/3/2011 10:45:41 PM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
    1/2/2011 8:01:35 PM, Error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: A device attached to the system is not functioning.
    1/2/2011 10:37:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    1/2/2011 10:37:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    1/2/2011 10:33:21 PM, Error: EventLog [6008] - The previous system shutdown at 10:31:12 PM on 1/2/2011 was unexpected.

    ==== End Of File ===========================
     

  4. 2011/01/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    I see you have P2P software (Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2011/01/03
    superpig10000

    superpig10000 Inactive Thread Starter

    Joined:
    2011/01/03
    Messages:
    9
    Likes Received:
    0
    Duly noted and understood. Thank you, Pete :)
     
  6. 2011/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2011/01/03
    superpig10000

    superpig10000 Inactive Thread Starter

    Joined:
    2011/01/03
    Messages:
    9
    Likes Received:
    0
    I have not attempted to use search engines lately. If you want me to do that please let me know.



    Bootkit Remover


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Business Edition (build 6000), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`86600000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...




    Combofix


    ComboFix 11-01-03.01 - Anh Nguyen 01/04/2011 12:28:32.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.3571.2180 [GMT 9:00]
    Running from: c:\users\Anh Nguyen\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Hotspot Shield\hssie\HsSIe.dll
    c:\users\Anh Nguyen\AppData\Roaming\Local
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\Independance Day.avi.ddr
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Independance Day.avi(2).ddp
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Independance Day.avi.ddp
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\usjuolsircdc.avi.ddp
    c:\users\Anh Nguyen\AppData\Roaming\Local\Temp\DDM\Settings\usjuolsircdc.avi.ddr
    c:\windows\System32\ms.dll

    c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
    .

    2011-01-04 03:37 . 2011-01-04 04:08 -------- d-----w- c:\users\Anh Nguyen\AppData\Local\temp
    2011-01-04 03:37 . 2011-01-04 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-04 03:25 . 2011-01-04 03:25 -------- d-----w- C:\32788R22FWJFW
    2011-01-04 03:10 . 2010-11-16 03:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-01-04 03:09 . 2010-11-16 03:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CECC62B-E20A-45A9-9DA9-E52F098A71A8}\mpengine.dll
    2011-01-03 07:35 . 2011-01-03 07:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-01-03 07:35 . 2011-01-04 06:51 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-01-03 07:34 . 2011-01-03 07:34 134464 ----a-w- c:\windows\system32\LnkProtect.dll
    2011-01-03 07:34 . 2010-11-30 01:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93DD4D74-5F72-49CF-B369-CFF0AFB2E5C1}\gapaengine.dll
    2011-01-03 06:33 . 2011-01-03 07:50 -------- d-----w- c:\programdata\Hitman Pro
    2011-01-03 03:36 . 2011-01-03 03:36 -------- d-----w- c:\users\Anh Nguyen\AppData\Local\Sunbelt Software
    2011-01-03 03:31 . 2011-01-03 06:32 -------- d-----w- c:\programdata\Lavasoft
    2011-01-02 15:26 . 2011-01-02 15:26 -------- d-----w- c:\users\Anh Nguyen\AppData\Roaming\Malwarebytes
    2011-01-02 15:26 . 2011-01-02 15:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-02 15:26 . 2010-12-20 09:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-02 15:26 . 2010-12-20 09:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-02 15:25 . 2011-01-03 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-02 13:42 . 2010-11-30 01:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-01-02 13:30 . 2011-01-02 13:31 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-02 12:44 . 2011-01-02 12:47 480 ----a-w- c:\users\Anh Nguyen\TakeControlOf.cmd
    2011-01-02 12:32 . 2011-01-02 12:32 -------- d--h--w- c:\windows\PIF
    2010-12-31 08:41 . 2010-11-16 03:01 6273872 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F324357C-1BE6-4E2B-BD51-53B62DACBA25}\mpengine.dll
    2010-12-29 05:52 . 2010-12-29 05:52 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2010-12-28 11:08 . 2010-12-29 05:52 -------- d-----w- c:\program files\ConduitEngine
    2010-12-26 17:01 . 2010-04-14 09:12 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-12-26 17:01 . 2010-04-14 09:12 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2010-12-26 17:01 . 2010-04-14 09:12 496640 ----a-w- c:\windows\system32\xvid.ax
    2010-12-26 17:01 . 2010-12-27 03:35 -------- d-----w- c:\program files\Aimersoft
    2010-12-26 15:04 . 2009-05-18 04:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-12-26 15:04 . 2008-04-17 03:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-12-20 13:51 . 2010-12-26 15:04 -------- d-----w- c:\program files\iPod
    2010-12-20 13:51 . 2010-12-28 13:26 -------- d-----w- c:\program files\iTunes
    2010-12-20 13:51 . 2010-12-20 13:52 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-20 13:48 . 2010-12-20 13:48 -------- d-----w- c:\program files\Apple Software Update
    2010-12-20 13:44 . 2010-12-20 13:44 -------- d-----w- c:\program files\Bonjour
    2010-12-20 09:31 . 2010-12-20 09:31 40960 ----a-r- c:\users\Anh Nguyen\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-12-20 09:31 . 2010-12-20 09:31 40960 ----a-r- c:\users\Anh Nguyen\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-12-20 09:30 . 2011-01-03 11:20 -------- d-----w- c:\program files\Project64 1.6
    2010-12-14 13:37 . 2010-12-14 13:37 -------- d-----w- c:\users\Anh Nguyen\AppData\Roaming\JAM Software
    2010-12-14 13:37 . 2010-12-14 13:37 -------- d-----w- c:\program files\JAM Software
    2010-12-11 12:20 . 2010-12-11 12:28 -------- d-----w- c:\programdata\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-04 04:08 . 2009-05-01 19:18 0 ----a-w- c:\users\Anh Nguyen\AppData\Local\WavXMapDrive.bat
    2010-11-29 08:38 . 2010-11-29 08:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 08:38 . 2010-11-29 08:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 09:11 . 2010-11-11 14:26 2396061423 ----a-w- c:\program files\VindictusSetupV109.exe
    2010-10-24 12:25 . 2010-10-24 12:25 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
    2010-10-24 12:25 . 2010-10-24 12:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2010-10-19 20:51 . 2009-10-03 15:27 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-11 21:52 . 2009-05-15 06:42 4172888 ----a-w- c:\windows\system32\GameMon.des
    2010-10-07 03:23 . 2010-10-07 03:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 03:23 . 2010-10-07 03:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 03:23 . 2010-10-07 03:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-05-06 22:03 . 2009-05-06 22:03 454656 ----a-w- c:\program files\putty.exe
    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e} "= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\Veoh_Web_Player\tbVeo2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e} "= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CD90BF73-20F6-44EF-993D-BB920303BD2E} "= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @= "{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} "
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @= "{CF08DA3E-C97D-4891-A66B-E39B28DD270F} "
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Google Update "= "c:\users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]
    "UniKey "= "c:\program files\UniKey\UniKey.exe" [2005-08-16 180224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2009-02-23 200704]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
    "ChangeTPMAuth "= "c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 134144]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
    "USCService "= "c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
    "nwiz "= "nwiz.exe" [2009-04-23 1657376]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2009-04-29 92704]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-04-29 13756960]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-20 198160]
    "eBook Library Launcher "= "c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-01-26 906640]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    c:\users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
    RollerCoaster Tycoon 3 Registration.lnk - c:\users\Anh Nguyen\AppData\Local\Temp\{33600947-4941-46A7-A818-FFDD60AC87AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
    TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2010-6-2 2000112]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-7 1084192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Anh Nguyen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hott notes 4.lnk]
    path=c:\users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hott notes 4.lnk
    backup=c:\windows\pss\hott notes 4.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
    2009-01-19 20:54 667648 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
    2009-01-16 21:40 95544 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-05-10 02:08 133104 ----atw- c:\users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 08:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 14:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2009-04-29 02:49 92704 ----a-w- c:\windows\System32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-04-29 02:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 08:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1783976355-914737711-2657614627-1000]
    "EnableNotificationsRef "=dword:00000001

    R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\Drivers\AsfAlrt.sys [2007-04-19 42832]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-01-03 16968]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-11 4172888]
    R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [2009-03-17 81920]
    S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
    S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-02-07 443168]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2009-01-22 32808]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-02-23 224384]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-10-27 144672]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-10-27 277440]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - ejnnfk

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783976355-914737711-2657614627-1000Core.job
    - c:\users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-10 02:08]

    2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1783976355-914737711-2657614627-1000UA.job
    - c:\users\Anh Nguyen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-10 02:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: {31BDCCD7-808E-47D6-8BCB-51566A9A2EFC} = 8.8.8.8,8.8.4.4
    TCP: {69C32289-F5C8-4FAF-B2A8-DED95673443C} = 10.16.80.1
    TCP: {8AAE3EC2-1FC5-4268-B3D9-4F156EFF07CE} = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Anh Nguyen\AppData\Roaming\Move Networks
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-04 13:08
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet049\Services\RichVideo]
    "ImagePath "= "\ "c:\users\Anh Nguyen\Downloads\Movie Stuff\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\RichVideo\RichVideo.exe\ "\00$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ
    "ImagePath "= "\ "c:\users\Anh Nguyen\Downloads\Movie Stuff\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\RichVideo\RichVideo.exe\ "\00$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ
    [\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“â€â€¢â€“—˜™Š›ŒŽŸ*¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿Ã€ÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃÃÑÒÓÔÕÖרÙÚÛÜÃÞßÀÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃ "


    [HKEY_LOCAL_MACHINE\system\ControlSet049\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\system\ControlSet049\Services\ejnnfk]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet049\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet049\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(6060)
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\STacSV.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\xampp\FileZillaFTP\FileZilla server.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\conime.exe
    c:\program files\IDT\WDM\sttray.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-04 13:14:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-04 04:13

    Pre-Run: 15,240,867,840 bytes free
    Post-Run: 14,794,584,064 bytes free

    - - End Of File - - 611F12844EA622D683C13356AB1CFD7C
     
  8. 2011/01/04
    broni

    broni Moderator Malware Analyst

    Combofix log looks clean now....

    See if you're still redirected.
     
  9. 2011/01/04
    superpig10000

    superpig10000 Inactive Thread Starter

    It's been a day and no redirection so far. Thanks for everything!
     
  10. 2011/01/04
    broni

    broni Moderator Malware Analyst

    Very good :)

    We'll have to run a couple more scans to make sure nothing is hiding out there...

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2011/01/04
    superpig10000

    superpig10000 Inactive Thread Starter

    OTL Part 1

    OTL logfile created on: 1/5/2011 12:15:58 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Anh Nguyen\Calibre Library\Downloads
    Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 72.43 Gb Total Space | 13.82 Gb Free Space | 19.07% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.36 Gb Free Space | 68.20% Space Free | Partition Type: NTFS

    Computer Name: PU121126 | User Name: Anh Nguyen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/05 12:15:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anh Nguyen\Calibre Library\Downloads\OTL.exe
    PRC - [2010/12/13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
    PRC - [2010/12/09 08:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Anh Nguyen\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/24 11:10:46 | 000,083,440 | ---- | M] (Google) -- C:\Users\Anh Nguyen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2010/11/17 13:16:26 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/09 10:42:46 | 002,000,112 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\TimeLeft3\TimeLeft.exe
    PRC - [2009/12/20 13:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
    PRC - [2009/12/20 13:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
    PRC - [2009/12/20 13:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2009/11/20 11:59:34 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/06/02 03:58:06 | 000,094,256 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2009/06/02 03:13:56 | 000,331,312 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/28 15:21:59 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/17 18:02:18 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe
    PRC - [2009/03/17 18:01:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe
    PRC - [2009/02/23 14:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2009/02/23 14:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2009/02/23 14:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/02/23 14:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2009/02/07 10:32:44 | 000,443,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    PRC - [2009/02/07 10:32:26 | 001,084,192 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    PRC - [2009/01/23 00:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    PRC - [2009/01/23 00:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    PRC - [2009/01/17 06:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    PRC - [2009/01/17 05:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    PRC - [2009/01/15 00:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    PRC - [2008/12/30 01:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    PRC - [2008/12/23 02:15:32 | 000,134,144 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/03 01:26:42 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2008/10/03 00:56:44 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/06/15 20:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/06/15 20:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/06/04 05:16:30 | 000,382,232 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
    PRC - [2007/04/19 19:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    PRC - [2007/01/05 06:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/11/02 18:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2006/09/11 18:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2005/08/16 20:18:52 | 000,180,224 | ---- | M] () -- C:\Program Files\UniKey\UniKey.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/05 12:15:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anh Nguyen\Calibre Library\Downloads\OTL.exe
    MOD - [2010/09/15 23:11:06 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
    MOD - [2009/02/07 10:34:24 | 000,041,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\dadkeyb.dll
    MOD - [2006/11/02 18:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
    MOD - [2005/08/16 20:15:09 | 000,061,440 | ---- | M] () -- C:\Program Files\UniKey\UKHook35.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Users\Anh Nguyen\Downloads\Movie Stuff\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\RichVideo\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/12 06:52:44 | 004,172,888 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/12/20 13:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
    SRV - [2009/12/20 13:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
    SRV - [2009/12/20 13:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2009/11/10 10:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2009/06/02 03:58:12 | 000,034,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2009/06/02 03:58:06 | 000,094,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2009/06/02 03:13:56 | 000,331,312 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/28 15:09:42 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/17 18:02:18 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe -- (STacSV)
    SRV - [2009/03/17 18:01:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/02/07 10:32:44 | 000,443,168 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV - [2009/01/23 00:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV - [2009/01/23 00:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV - [2009/01/15 00:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2008/12/30 01:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
    SRV - [2008/12/12 23:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2008/11/13 03:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/03 01:26:42 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/10/03 00:56:44 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/06/15 20:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/06/04 05:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
    SRV - [2007/04/19 19:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
    SRV - [2007/01/05 06:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NvtSp50.sys -- (NvtSp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2011/01/03 16:35:22 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/07/27 11:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/06/02 03:13:56 | 000,033,840 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
    DRV - [2009/04/29 09:08:00 | 009,838,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/28 15:20:33 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2009/04/28 15:20:33 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2009/04/28 15:20:33 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2009/03/17 18:02:30 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/02/23 15:59:20 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
    DRV - [2009/02/23 14:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/01/23 00:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV - [2009/01/17 06:41:06 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2008/10/27 15:25:30 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2008/10/27 15:25:28 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/10/18 06:32:36 | 000,011,392 | ---- | M] (Dell Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hbtnkey.sys -- (HBtnKey)
    DRV - [2008/09/25 21:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/09/16 18:41:20 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel(R)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/08/08 17:21:56 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/07/23 16:16:50 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2008/07/02 14:12:12 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/07/02 14:12:10 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/07/02 14:12:10 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/06/16 18:24:12 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2008/06/16 18:24:04 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2008/06/16 18:24:02 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2008/06/16 18:24:00 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2008/06/05 03:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
    DRV - [2008/01/24 06:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/04/19 19:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
    DRV - [2006/11/02 18:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 18:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 18:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 18:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 18:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 18:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 18:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 18:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 18:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 18:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 18:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 18:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 18:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 18:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 18:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 18:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 18:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 18:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 18:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 18:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 18:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 18:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 18:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 18:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 18:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 18:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 18:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 18:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 18:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 18:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 18:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 17:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 17:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 17:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 17:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 17:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 17:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 16:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 16:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 16:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 16:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2653012
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul "
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.8
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.679
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.7


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 22:14:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 22:50:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 22:50:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/12/20 22:50:45 | 000,000,000 | ---D | M]

    [2009/05/02 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Extensions
    [2011/01/04 22:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions
    [2010/09/19 21:58:56 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2009/09/01 22:31:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/20 13:47:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(29)
    [2009/07/15 23:54:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/14 09:10:42 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2009/10/14 09:10:40 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/02/17 23:20:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/04/24 10:11:05 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\firebug@software.joehewitt.com
    [2010/04/24 10:11:31 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\extensions\yslow@yahoo-inc.com
    [2010/01/29 10:48:13 | 000,001,606 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\searchplugins\amazondotcom.xml
    [2009/08/20 01:27:40 | 000,001,595 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\b5hozrro.default\searchplugins\ebay.xml
    [2011/01/04 22:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/26 15:40:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/04/20 09:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/09/04 21:39:44 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2009/09/14 02:11:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\ANH NGUYEN\APPDATA\ROAMING\MOVE NETWORKS
    [2010/04/13 06:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/17 02:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/12/28 22:14:11 | 000,001,068 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml

    O1 HOSTS File: ([2011/01/04 13:07:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [UniKey] C:\Program Files\UniKey\UniKey.exe ()
    O4 - Startup: C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Anh Nguyen\AppData\Local\Temp\{33600947-4941-46A7-A818-FFDD60AC87AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
    O4 - Startup: C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Anh Nguyen\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/02 22:10:53 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/04 13:14:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/04 13:07:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/04 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Local\temp
    [2011/01/04 12:25:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/04 12:25:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/04 12:25:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/04 12:25:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/04 12:25:29 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/01/04 12:25:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/01/04 12:22:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/04 12:22:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/03 23:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/03 16:34:46 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
    [2011/01/03 12:36:44 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Local\Sunbelt Software
    [2011/01/03 00:26:11 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Roaming\Malwarebytes
    [2011/01/03 00:26:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/03 00:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/03 00:26:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/03 00:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/02 22:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/01/02 21:32:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
    [2010/12/29 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2010/12/28 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2010/12/27 12:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
    [2010/12/27 02:01:40 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\Documents\Aimersoft Video Converter
    [2010/12/27 02:01:29 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
    [2010/12/27 02:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
    [2010/12/27 00:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2010/12/20 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\Documents\iTunes
    [2010/12/20 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/20 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/20 22:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/12/20 22:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/12/20 22:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/12/20 22:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/20 18:30:58 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
    [2010/12/20 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
    [2010/12/14 22:37:05 | 000,000,000 | ---D | C] -- C:\Users\Anh Nguyen\AppData\Roaming\JAM Software
    [2010/12/14 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    [2010/12/14 22:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
    [2010/12/11 21:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2009/05/07 07:03:38 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Anh Nguyen\Documents\*.tmp files -> C:\Users\Anh Nguyen\Documents\*.tmp -> ]
     
  12. 2011/01/04
    superpig10000

    superpig10000 Inactive Thread Starter

    OTL Part 2

    ========== Files - Modified Within 30 Days ==========

    [2011/01/05 12:20:31 | 000,759,808 | ---- | M] () -- C:\Windows\System32\drivers\ejnnfk.sys
    [2011/01/05 12:13:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1783976355-914737711-2657614627-1000UA.job
    [2011/01/05 12:10:02 | 000,341,930 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/01/05 12:09:33 | 000,000,000 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Local\WavXMapDrive.bat
    [2011/01/05 12:08:22 | 000,341,930 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/01/05 12:07:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/05 12:07:49 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/05 12:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/05 12:07:37 | 3745,415,168 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/05 01:26:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/04 21:48:20 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/01/04 13:07:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/03 23:30:59 | 461,144,807 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/03 23:04:57 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/03 23:04:57 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/03 22:22:15 | 000,007,254 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\log.xml
    [2011/01/03 20:40:42 | 000,000,203 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\P64.rtf
    [2011/01/03 16:35:22 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/01/03 16:34:46 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
    [2011/01/02 23:11:14 | 003,756,032 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Local\filesync.metadata
    [2011/01/02 22:31:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/01/02 22:10:53 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/02 21:47:32 | 000,000,480 | ---- | M] () -- C:\Users\Anh Nguyen\TakeControlOf.cmd
    [2011/01/02 20:01:33 | 000,000,046 | ---- | M] () -- C:\Windows\qqtX4
    [2011/01/02 20:01:33 | 000,000,046 | ---- | M] () -- C:\Windows\6OMU44uWOW
    [2011/01/02 20:01:33 | 000,000,044 | ---- | M] () -- C:\Windows\cNY4SQa1ek
    [2011/01/02 20:01:33 | 000,000,043 | ---- | M] () -- C:\Windows\RuCWc
    [2011/01/02 20:01:33 | 000,000,043 | ---- | M] () -- C:\Windows\8DDlY
    [2011/01/02 20:01:33 | 000,000,042 | ---- | M] () -- C:\Windows\oF1CKLrj
    [2011/01/02 20:01:33 | 000,000,042 | ---- | M] () -- C:\Windows\KJLfO5
    [2011/01/02 20:01:33 | 000,000,040 | ---- | M] () -- C:\Windows\HfSCj
    [2011/01/02 20:01:33 | 000,000,038 | ---- | M] () -- C:\Windows\M5UPkoM
    [2011/01/02 20:01:33 | 000,000,038 | ---- | M] () -- C:\Windows\bfxio
    [2011/01/02 20:01:33 | 000,000,037 | ---- | M] () -- C:\Windows\Xs6kVY
    [2011/01/02 20:01:33 | 000,000,037 | ---- | M] () -- C:\Windows\EsxjCr
    [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\xcYbidTs
    [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\O7E1iaf22s
    [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\CmEm4WQT1
    [2011/01/02 20:01:33 | 000,000,035 | ---- | M] () -- C:\Windows\8EAjHymp
    [2011/01/02 20:01:33 | 000,000,034 | ---- | M] () -- C:\Windows\jvCdUC
    [2011/01/02 20:01:33 | 000,000,032 | ---- | M] () -- C:\Windows\qF7MFv
    [2011/01/02 20:01:33 | 000,000,029 | ---- | M] () -- C:\Windows\v7VdnYqe
    [2011/01/02 20:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\xNiEn
    [2011/01/02 20:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\jNINWpX8E
    [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\xO8HATyLOY
    [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\T3kUj
    [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\qWab5IJ
    [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\1caPV
    [2011/01/02 20:01:33 | 000,000,025 | ---- | M] () -- C:\Windows\kXEPL1AT3
    [2011/01/02 20:01:33 | 000,000,024 | ---- | M] () -- C:\Windows\icybByB7U
    [2011/01/02 20:01:32 | 000,000,049 | ---- | M] () -- C:\Windows\aGAhEhsUk
    [2011/01/02 20:01:32 | 000,000,047 | ---- | M] () -- C:\Windows\rAN7VLcsJi
    [2011/01/02 20:01:32 | 000,000,047 | ---- | M] () -- C:\Windows\kTetkiUNn5
    [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\phEx45E
    [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\AE5mB2cG7
    [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\A5RpSGbTV4
    [2011/01/02 20:01:32 | 000,000,045 | ---- | M] () -- C:\Windows\wFyfJt
    [2011/01/02 20:01:32 | 000,000,045 | ---- | M] () -- C:\Windows\kkU1VPSLP
    [2011/01/02 20:01:32 | 000,000,044 | ---- | M] () -- C:\Windows\4i2CHc316
    [2011/01/02 20:01:32 | 000,000,043 | ---- | M] () -- C:\Windows\e2BRs7XCOc
    [2011/01/02 20:01:32 | 000,000,041 | ---- | M] () -- C:\Windows\XeBrLSBhFa
    [2011/01/02 20:01:32 | 000,000,041 | ---- | M] () -- C:\Windows\TtMYc336j
    [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\pXNtfL
    [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\kAcXHdPa
    [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\7BP46dfh
    [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\31smHNO
    [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\xWab4
    [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\nlFAbIa
    [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\iMBu3o
    [2011/01/02 20:01:32 | 000,000,034 | ---- | M] () -- C:\Windows\MAGsm
    [2011/01/02 20:01:32 | 000,000,033 | ---- | M] () -- C:\Windows\vxy1p3
    [2011/01/02 20:01:32 | 000,000,033 | ---- | M] () -- C:\Windows\JMuXAGjvk
    [2011/01/02 20:01:32 | 000,000,032 | ---- | M] () -- C:\Windows\Xpf2Mm2KO
    [2011/01/02 20:01:32 | 000,000,031 | ---- | M] () -- C:\Windows\QBlXkV4
    [2011/01/02 20:01:32 | 000,000,031 | ---- | M] () -- C:\Windows\BKESmNn
    [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\tYPYrCGdab
    [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\k2UcdPmmu
    [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\5hhALccVlp
    [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\1QlCEMCW
    [2011/01/02 20:01:30 | 000,000,046 | ---- | M] () -- C:\Windows\mAn1T2tUw
    [2011/01/02 20:01:30 | 000,000,044 | ---- | M] () -- C:\Windows\eXywNfD
    [2011/01/02 20:01:30 | 000,000,043 | ---- | M] () -- C:\Windows\w3Sya
    [2011/01/02 20:01:30 | 000,000,042 | ---- | M] () -- C:\Windows\DX7CfXOvPi
    [2011/01/02 20:01:30 | 000,000,042 | ---- | M] () -- C:\Windows\C7XHWqda3J
    [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\SHAcB
    [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\OerVNcIU
    [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\fAmoEI
    [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\aMk1aAKjeK
    [2011/01/02 20:01:30 | 000,000,040 | ---- | M] () -- C:\Windows\Ggic7
    [2011/01/02 20:01:30 | 000,000,039 | ---- | M] () -- C:\Windows\VYheTgWVhv
    [2011/01/02 20:01:30 | 000,000,039 | ---- | M] () -- C:\Windows\qqvYDwBc1
    [2011/01/02 20:01:30 | 000,000,038 | ---- | M] () -- C:\Windows\u8Qfaq
    [2011/01/02 20:01:30 | 000,000,037 | ---- | M] () -- C:\Windows\y4FDpTTw
    [2011/01/02 20:01:30 | 000,000,036 | ---- | M] () -- C:\Windows\djc3GMAv
    [2011/01/02 20:01:30 | 000,000,032 | ---- | M] () -- C:\Windows\BNL5qes
    [2011/01/02 20:01:30 | 000,000,030 | ---- | M] () -- C:\Windows\QcFIC
    [2011/01/02 20:01:30 | 000,000,030 | ---- | M] () -- C:\Windows\8PpDHAfK3i
    [2011/01/02 20:01:30 | 000,000,028 | ---- | M] () -- C:\Windows\UouBhbn
    [2011/01/02 20:01:30 | 000,000,028 | ---- | M] () -- C:\Windows\bw8VjavCUR
    [2011/01/02 20:01:30 | 000,000,027 | ---- | M] () -- C:\Windows\fyPWpUc
    [2011/01/02 20:01:30 | 000,000,025 | ---- | M] () -- C:\Windows\78ErIXU
    [2011/01/02 20:01:28 | 000,000,047 | ---- | M] () -- C:\Windows\wMhwL
    [2011/01/02 20:01:28 | 000,000,045 | ---- | M] () -- C:\Windows\Tclwf
    [2011/01/02 20:01:28 | 000,000,045 | ---- | M] () -- C:\Windows\AqcTjYS4
    [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\Y6NxdTNG
    [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\N5hbL6aH
    [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\dUxpqMMDA
    [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\BliukY4HP
    [2011/01/02 20:01:28 | 000,000,043 | ---- | M] () -- C:\Windows\gy8PxTd2
    [2011/01/02 20:01:28 | 000,000,043 | ---- | M] () -- C:\Windows\3tDqVkUOoG
    [2011/01/02 20:01:28 | 000,000,041 | ---- | M] () -- C:\Windows\U5DiVlAr
    [2011/01/02 20:01:28 | 000,000,041 | ---- | M] () -- C:\Windows\iW1xkQGf
    [2011/01/02 20:01:28 | 000,000,040 | ---- | M] () -- C:\Windows\144jkRfYe5
    [2011/01/02 20:01:28 | 000,000,039 | ---- | M] () -- C:\Windows\K1288ihQ
    [2011/01/02 20:01:28 | 000,000,038 | ---- | M] () -- C:\Windows\JnGCQ
    [2011/01/02 20:01:28 | 000,000,037 | ---- | M] () -- C:\Windows\KKYECa7cX
    [2011/01/02 20:01:28 | 000,000,037 | ---- | M] () -- C:\Windows\6foPCe7qNo
    [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\pLjsPVkfn1
    [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\CCLOgpM
    [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\8AM1o
    [2011/01/02 20:01:28 | 000,000,034 | ---- | M] () -- C:\Windows\gNADHr
    [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\urWpo
    [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\JsIqItNQ
    [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\JGgYi
    [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\ekHFhX4c
    [2011/01/02 20:01:28 | 000,000,030 | ---- | M] () -- C:\Windows\oSIru3SWY
    [2011/01/02 20:01:28 | 000,000,029 | ---- | M] () -- C:\Windows\ObunXm6t
    [2011/01/02 20:01:28 | 000,000,028 | ---- | M] () -- C:\Windows\BhsWaf
    [2011/01/02 20:01:28 | 000,000,025 | ---- | M] () -- C:\Windows\vARUH
    [2011/01/02 20:01:28 | 000,000,024 | ---- | M] () -- C:\Windows\kc5EkqCghH
    [2011/01/01 15:13:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1783976355-914737711-2657614627-1000Core.job
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/29 15:11:32 | 000,002,069 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\Google Chrome.lnk
    [2010/12/29 15:11:32 | 000,002,031 | ---- | M] () -- C:\Users\Anh Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/28 22:09:16 | 001,506,701 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\2761274.pdf
    [2010/12/28 00:24:10 | 000,397,183 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Japan - SE Asia.pdf
    [2010/12/27 12:58:02 | 000,001,684 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\iTunes.lnk
    [2010/12/27 12:35:21 | 000,001,066 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\Aimersoft DVD Studio Pack.lnk
    [2010/12/27 12:34:43 | 000,054,784 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/22 23:09:50 | 000,002,039 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
    [2010/12/21 14:44:12 | 000,050,522 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\Draft1.docx
    [2010/12/21 11:22:08 | 003,393,043 | ---- | M] () -- C:\Users\Anh Nguyen\Presentation1.pptx
    [2010/12/21 10:47:28 | 000,014,119 | ---- | M] () -- C:\Users\Anh Nguyen\Speech.docx
    [2010/12/20 22:33:38 | 000,012,456 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Speech.docx
    [2010/12/20 22:30:28 | 002,839,741 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Presentation1.pptx
    [2010/12/20 18:30:59 | 000,001,900 | ---- | M] () -- C:\Users\Anh Nguyen\Desktop\Project64 1.6.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/20 18:05:17 | 000,001,356 | ---- | M] () -- C:\Users\Anh Nguyen\AppData\Local\d3d9caps.dat
    [2010/12/07 00:14:02 | 000,030,208 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Anh Nguyen _ Carnegie Recommendation.doc
    [2010/12/07 00:13:17 | 000,030,208 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Letter of Recommendation _ DA.doc
    [2010/12/07 00:12:34 | 000,013,858 | ---- | M] () -- C:\Users\Anh Nguyen\Documents\Letter of Recommendation _ DA.docx
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Anh Nguyen\Documents\*.tmp files -> C:\Users\Anh Nguyen\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/04 12:25:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/04 12:25:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/04 12:25:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/04 12:25:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/04 12:25:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/03 22:22:14 | 000,007,254 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\log.xml
    [2011/01/03 20:40:42 | 000,000,203 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\P64.rtf
    [2011/01/03 16:35:22 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/01/02 22:31:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/01/02 21:44:27 | 000,000,480 | ---- | C] () -- C:\Users\Anh Nguyen\TakeControlOf.cmd
    [2011/01/02 21:28:34 | 000,000,000 | -H-- | C] () -- C:\Users\Anh Nguyen\AppData\Roaming\M71J68N67k.txt
    [2011/01/02 20:01:33 | 000,000,046 | ---- | C] () -- C:\Windows\qqtX4
    [2011/01/02 20:01:33 | 000,000,046 | ---- | C] () -- C:\Windows\6OMU44uWOW
    [2011/01/02 20:01:33 | 000,000,044 | ---- | C] () -- C:\Windows\cNY4SQa1ek
    [2011/01/02 20:01:33 | 000,000,043 | ---- | C] () -- C:\Windows\RuCWc
    [2011/01/02 20:01:33 | 000,000,042 | ---- | C] () -- C:\Windows\oF1CKLrj
    [2011/01/02 20:01:33 | 000,000,042 | ---- | C] () -- C:\Windows\KJLfO5
    [2011/01/02 20:01:33 | 000,000,040 | ---- | C] () -- C:\Windows\HfSCj
    [2011/01/02 20:01:33 | 000,000,038 | ---- | C] () -- C:\Windows\M5UPkoM
    [2011/01/02 20:01:33 | 000,000,038 | ---- | C] () -- C:\Windows\bfxio
    [2011/01/02 20:01:33 | 000,000,037 | ---- | C] () -- C:\Windows\Xs6kVY
    [2011/01/02 20:01:33 | 000,000,037 | ---- | C] () -- C:\Windows\EsxjCr
    [2011/01/02 20:01:33 | 000,000,036 | ---- | C] () -- C:\Windows\xcYbidTs
    [2011/01/02 20:01:33 | 000,000,036 | ---- | C] () -- C:\Windows\O7E1iaf22s
    [2011/01/02 20:01:33 | 000,000,036 | ---- | C] () -- C:\Windows\CmEm4WQT1
    [2011/01/02 20:01:33 | 000,000,035 | ---- | C] () -- C:\Windows\8EAjHymp
    [2011/01/02 20:01:33 | 000,000,034 | ---- | C] () -- C:\Windows\jvCdUC
    [2011/01/02 20:01:33 | 000,000,032 | ---- | C] () -- C:\Windows\qF7MFv
    [2011/01/02 20:01:33 | 000,000,029 | ---- | C] () -- C:\Windows\v7VdnYqe
    [2011/01/02 20:01:33 | 000,000,027 | ---- | C] () -- C:\Windows\xNiEn
    [2011/01/02 20:01:33 | 000,000,027 | ---- | C] () -- C:\Windows\jNINWpX8E
    [2011/01/02 20:01:33 | 000,000,026 | ---- | C] () -- C:\Windows\xO8HATyLOY
    [2011/01/02 20:01:33 | 000,000,026 | ---- | C] () -- C:\Windows\T3kUj
    [2011/01/02 20:01:33 | 000,000,026 | ---- | C] () -- C:\Windows\qWab5IJ
    [2011/01/02 20:01:33 | 000,000,026 | ---- | C] () -- C:\Windows\1caPV
    [2011/01/02 20:01:33 | 000,000,025 | ---- | C] () -- C:\Windows\kXEPL1AT3
    [2011/01/02 20:01:33 | 000,000,024 | ---- | C] () -- C:\Windows\icybByB7U
    [2011/01/02 20:01:32 | 000,759,808 | ---- | C] () -- C:\Windows\System32\drivers\ejnnfk.sys
    [2011/01/02 20:01:32 | 000,000,049 | ---- | C] () -- C:\Windows\aGAhEhsUk
    [2011/01/02 20:01:32 | 000,000,047 | ---- | C] () -- C:\Windows\rAN7VLcsJi
    [2011/01/02 20:01:32 | 000,000,047 | ---- | C] () -- C:\Windows\kTetkiUNn5
    [2011/01/02 20:01:32 | 000,000,046 | ---- | C] () -- C:\Windows\phEx45E
    [2011/01/02 20:01:32 | 000,000,046 | ---- | C] () -- C:\Windows\AE5mB2cG7
    [2011/01/02 20:01:32 | 000,000,046 | ---- | C] () -- C:\Windows\A5RpSGbTV4
    [2011/01/02 20:01:32 | 000,000,045 | ---- | C] () -- C:\Windows\wFyfJt
    [2011/01/02 20:01:32 | 000,000,045 | ---- | C] () -- C:\Windows\kkU1VPSLP
    [2011/01/02 20:01:32 | 000,000,044 | ---- | C] () -- C:\Windows\4i2CHc316
    [2011/01/02 20:01:32 | 000,000,043 | ---- | C] () -- C:\Windows\e2BRs7XCOc
    [2011/01/02 20:01:32 | 000,000,043 | ---- | C] () -- C:\Windows\8DDlY
    [2011/01/02 20:01:32 | 000,000,041 | ---- | C] () -- C:\Windows\TtMYc336j
    [2011/01/02 20:01:32 | 000,000,040 | ---- | C] () -- C:\Windows\pXNtfL
    [2011/01/02 20:01:32 | 000,000,040 | ---- | C] () -- C:\Windows\kAcXHdPa
    [2011/01/02 20:01:32 | 000,000,040 | ---- | C] () -- C:\Windows\7BP46dfh
    [2011/01/02 20:01:32 | 000,000,040 | ---- | C] () -- C:\Windows\31smHNO
    [2011/01/02 20:01:32 | 000,000,039 | ---- | C] () -- C:\Windows\xWab4
    [2011/01/02 20:01:32 | 000,000,039 | ---- | C] () -- C:\Windows\nlFAbIa
    [2011/01/02 20:01:32 | 000,000,039 | ---- | C] () -- C:\Windows\iMBu3o
    [2011/01/02 20:01:32 | 000,000,034 | ---- | C] () -- C:\Windows\MAGsm
    [2011/01/02 20:01:32 | 000,000,033 | ---- | C] () -- C:\Windows\vxy1p3
    [2011/01/02 20:01:32 | 000,000,033 | ---- | C] () -- C:\Windows\JMuXAGjvk
    [2011/01/02 20:01:32 | 000,000,032 | ---- | C] () -- C:\Windows\Xpf2Mm2KO
    [2011/01/02 20:01:32 | 000,000,031 | ---- | C] () -- C:\Windows\QBlXkV4
    [2011/01/02 20:01:32 | 000,000,031 | ---- | C] () -- C:\Windows\BKESmNn
    [2011/01/02 20:01:32 | 000,000,029 | ---- | C] () -- C:\Windows\tYPYrCGdab
    [2011/01/02 20:01:32 | 000,000,029 | ---- | C] () -- C:\Windows\k2UcdPmmu
    [2011/01/02 20:01:32 | 000,000,029 | ---- | C] () -- C:\Windows\5hhALccVlp
    [2011/01/02 20:01:32 | 000,000,029 | ---- | C] () -- C:\Windows\1QlCEMCW
    [2011/01/02 20:01:30 | 000,000,046 | ---- | C] () -- C:\Windows\mAn1T2tUw
    [2011/01/02 20:01:30 | 000,000,044 | ---- | C] () -- C:\Windows\eXywNfD
    [2011/01/02 20:01:30 | 000,000,043 | ---- | C] () -- C:\Windows\w3Sya
    [2011/01/02 20:01:30 | 000,000,042 | ---- | C] () -- C:\Windows\DX7CfXOvPi
    [2011/01/02 20:01:30 | 000,000,042 | ---- | C] () -- C:\Windows\C7XHWqda3J
    [2011/01/02 20:01:30 | 000,000,041 | ---- | C] () -- C:\Windows\XeBrLSBhFa
    [2011/01/02 20:01:30 | 000,000,041 | ---- | C] () -- C:\Windows\SHAcB
    [2011/01/02 20:01:30 | 000,000,041 | ---- | C] () -- C:\Windows\OerVNcIU
    [2011/01/02 20:01:30 | 000,000,041 | ---- | C] () -- C:\Windows\fAmoEI
    [2011/01/02 20:01:30 | 000,000,041 | ---- | C] () -- C:\Windows\aMk1aAKjeK
    [2011/01/02 20:01:30 | 000,000,040 | ---- | C] () -- C:\Windows\Ggic7
    [2011/01/02 20:01:30 | 000,000,039 | ---- | C] () -- C:\Windows\VYheTgWVhv
    [2011/01/02 20:01:30 | 000,000,039 | ---- | C] () -- C:\Windows\qqvYDwBc1
    [2011/01/02 20:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\u8Qfaq
    [2011/01/02 20:01:30 | 000,000,037 | ---- | C] () -- C:\Windows\y4FDpTTw
    [2011/01/02 20:01:30 | 000,000,032 | ---- | C] () -- C:\Windows\BNL5qes
    [2011/01/02 20:01:30 | 000,000,030 | ---- | C] () -- C:\Windows\QcFIC
    [2011/01/02 20:01:30 | 000,000,030 | ---- | C] () -- C:\Windows\8PpDHAfK3i
    [2011/01/02 20:01:30 | 000,000,028 | ---- | C] () -- C:\Windows\UouBhbn
    [2011/01/02 20:01:30 | 000,000,028 | ---- | C] () -- C:\Windows\bw8VjavCUR
    [2011/01/02 20:01:30 | 000,000,027 | ---- | C] () -- C:\Windows\fyPWpUc
    [2011/01/02 20:01:30 | 000,000,025 | ---- | C] () -- C:\Windows\78ErIXU
    [2011/01/02 20:01:28 | 000,000,047 | ---- | C] () -- C:\Windows\wMhwL
    [2011/01/02 20:01:28 | 000,000,045 | ---- | C] () -- C:\Windows\Tclwf
    [2011/01/02 20:01:28 | 000,000,045 | ---- | C] () -- C:\Windows\AqcTjYS4
    [2011/01/02 20:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\Y6NxdTNG
    [2011/01/02 20:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\N5hbL6aH
    [2011/01/02 20:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\dUxpqMMDA
    [2011/01/02 20:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\BliukY4HP
    [2011/01/02 20:01:28 | 000,000,043 | ---- | C] () -- C:\Windows\gy8PxTd2
    [2011/01/02 20:01:28 | 000,000,043 | ---- | C] () -- C:\Windows\3tDqVkUOoG
    [2011/01/02 20:01:28 | 000,000,041 | ---- | C] () -- C:\Windows\U5DiVlAr
    [2011/01/02 20:01:28 | 000,000,041 | ---- | C] () -- C:\Windows\iW1xkQGf
    [2011/01/02 20:01:28 | 000,000,040 | ---- | C] () -- C:\Windows\144jkRfYe5
    [2011/01/02 20:01:28 | 000,000,039 | ---- | C] () -- C:\Windows\K1288ihQ
    [2011/01/02 20:01:28 | 000,000,038 | ---- | C] () -- C:\Windows\JnGCQ
    [2011/01/02 20:01:28 | 000,000,037 | ---- | C] () -- C:\Windows\KKYECa7cX
    [2011/01/02 20:01:28 | 000,000,037 | ---- | C] () -- C:\Windows\6foPCe7qNo
    [2011/01/02 20:01:28 | 000,000,036 | ---- | C] () -- C:\Windows\djc3GMAv
    [2011/01/02 20:01:28 | 000,000,035 | ---- | C] () -- C:\Windows\pLjsPVkfn1
    [2011/01/02 20:01:28 | 000,000,035 | ---- | C] () -- C:\Windows\CCLOgpM
    [2011/01/02 20:01:28 | 000,000,035 | ---- | C] () -- C:\Windows\8AM1o
    [2011/01/02 20:01:28 | 000,000,034 | ---- | C] () -- C:\Windows\gNADHr
    [2011/01/02 20:01:28 | 000,000,032 | ---- | C] () -- C:\Windows\urWpo
    [2011/01/02 20:01:28 | 000,000,032 | ---- | C] () -- C:\Windows\JsIqItNQ
    [2011/01/02 20:01:28 | 000,000,032 | ---- | C] () -- C:\Windows\JGgYi
    [2011/01/02 20:01:28 | 000,000,032 | ---- | C] () -- C:\Windows\ekHFhX4c
    [2011/01/02 20:01:28 | 000,000,030 | ---- | C] () -- C:\Windows\oSIru3SWY
    [2011/01/02 20:01:28 | 000,000,029 | ---- | C] () -- C:\Windows\ObunXm6t
    [2011/01/02 20:01:28 | 000,000,028 | ---- | C] () -- C:\Windows\BhsWaf
    [2011/01/02 20:01:28 | 000,000,025 | ---- | C] () -- C:\Windows\vARUH
    [2011/01/02 20:01:28 | 000,000,024 | ---- | C] () -- C:\Windows\kc5EkqCghH
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/12/29 15:11:32 | 000,002,069 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\Google Chrome.lnk
    [2010/12/29 15:11:32 | 000,002,031 | ---- | C] () -- C:\Users\Anh Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/28 22:09:16 | 001,506,701 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\2761274.pdf
    [2010/12/28 00:25:08 | 000,050,522 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\Draft1.docx
    [2010/12/28 00:24:10 | 000,397,183 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Japan - SE Asia.pdf
    [2010/12/27 12:58:02 | 000,001,684 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\iTunes.lnk
    [2010/12/27 12:35:21 | 000,001,066 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\Aimersoft DVD Studio Pack.lnk
    [2010/12/27 02:01:29 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
    [2010/12/27 02:01:29 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
    [2010/12/21 10:38:12 | 003,393,043 | ---- | C] () -- C:\Users\Anh Nguyen\Presentation1.pptx
    [2010/12/21 10:38:12 | 000,014,119 | ---- | C] () -- C:\Users\Anh Nguyen\Speech.docx
    [2010/12/20 21:46:26 | 002,839,741 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Presentation1.pptx
    [2010/12/20 18:30:59 | 000,001,900 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\Project64 1.6.lnk
    [2010/12/20 18:19:09 | 000,002,039 | ---- | C] () -- C:\Users\Anh Nguyen\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
    [2010/12/17 16:21:46 | 000,012,456 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Speech.docx
    [2010/12/13 16:47:11 | 3745,415,168 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/11 15:26:48 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/12/07 00:14:01 | 000,030,208 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Anh Nguyen _ Carnegie Recommendation.doc
    [2010/12/07 00:13:16 | 000,030,208 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Letter of Recommendation _ DA.doc
    [2010/12/06 21:46:41 | 000,013,858 | ---- | C] () -- C:\Users\Anh Nguyen\Documents\Letter of Recommendation _ DA.docx
    [2010/11/04 09:08:35 | 000,001,356 | ---- | C] () -- C:\Users\Anh Nguyen\AppData\Local\d3d9caps.dat
    [2010/09/15 23:05:39 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2010/07/09 19:41:09 | 000,000,392 | ---- | C] () -- C:\ProgramData\DRMline.dat
    [2009/09/28 09:00:21 | 003,756,032 | ---- | C] () -- C:\Users\Anh Nguyen\AppData\Local\filesync.metadata
    [2009/09/22 04:58:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2009/08/31 00:43:25 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/08/31 00:43:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/08/31 00:43:24 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/08/31 00:43:23 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/08/31 00:43:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/08/15 22:03:50 | 000,000,883 | ---- | C] () -- C:\Windows\FOV2.ini
    [2009/07/09 10:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2009/06/25 01:28:24 | 000,054,784 | ---- | C] () -- C:\Users\Anh Nguyen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/13 19:03:23 | 000,000,013 | ---- | C] () -- C:\Windows\System32\mrsipbk.ini
    [2009/05/07 08:07:53 | 000,000,600 | ---- | C] () -- C:\Users\Anh Nguyen\AppData\Local\PUTTY.RND
    [2009/05/02 08:28:37 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
    [2009/05/02 08:28:37 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
    [2009/05/02 08:28:37 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
    [2009/05/02 08:28:37 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
    [2009/05/02 05:57:55 | 000,341,930 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/05/02 05:57:54 | 000,341,930 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/05/02 05:54:24 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
    [2009/05/02 04:18:17 | 000,000,000 | ---- | C] () -- C:\Users\Anh Nguyen\AppData\Local\WavXMapDrive.bat
    [2009/04/28 15:31:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2009/04/28 15:31:47 | 001,164,288 | ---- | C] () -- C:\Windows\System32\taboem.dll
    [2009/04/28 07:57:01 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
    [2009/04/28 07:54:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
    [2008/12/23 02:13:54 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
    [2008/12/20 08:59:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
    [2008/12/20 08:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
    [2008/12/20 08:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
    [2008/12/20 08:59:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
    [2008/12/20 08:59:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
    [2008/12/20 08:59:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
    [2008/12/20 08:59:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
    [2008/12/20 08:59:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
    [2008/12/20 08:59:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
    [2008/12/20 08:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
    [2008/12/20 08:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
    [2008/12/20 08:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
    [2008/12/20 08:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
    [2008/12/20 08:59:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
    [2008/12/20 08:59:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
    [2008/12/20 08:59:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
    [2008/12/20 08:58:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
    [2008/12/20 08:58:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
    [2008/12/20 08:58:56 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
    [2008/12/20 08:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
    [2008/12/20 08:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
    [2008/12/20 08:58:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
    [2008/12/20 08:58:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
    [2008/12/20 08:58:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
    [2008/12/12 05:51:36 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
    [2008/12/12 02:59:48 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
    [2008/12/12 02:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
    [2008/12/12 02:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
    [2008/12/12 02:59:46 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
    [2008/12/12 02:59:44 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
    [2008/12/12 02:59:44 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
    [2008/12/12 02:59:42 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
    [2008/12/12 02:59:42 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
    [2008/12/12 02:59:40 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
    [2008/12/12 02:59:40 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
    [2008/12/12 02:59:40 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
    [2008/12/12 02:59:38 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
    [2008/12/12 02:59:38 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
    [2008/12/12 02:59:36 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
    [2008/12/12 02:59:36 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
    [2008/12/12 02:59:36 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll
    [2008/12/12 02:59:34 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll
    [2008/12/12 02:59:34 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll
    [2008/12/12 02:59:34 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll
    [2008/12/12 02:59:34 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll
    [2008/12/12 02:59:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll
    [2008/12/12 02:59:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll
    [2008/12/12 02:59:30 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll
    [2008/12/12 02:59:30 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll
    [2008/12/12 02:56:30 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
    [2008/10/07 22:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 22:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 22:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/10/07 08:36:56 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
    [2008/03/25 23:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
    [2007/04/19 19:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll
    [2007/04/19 19:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll
    [2006/11/02 19:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/07/01 02:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
    [2006/07/01 02:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll
    [2004/09/11 03:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
    [2004/09/11 03:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
    [2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [1999/10/30 02:35:46 | 000,000,040 | ---- | C] () -- C:\Windows\System32\sx5363.ini

    ========== LOP Check ==========

    [2010/12/16 20:17:42 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\.anki
    [2010/11/25 09:44:16 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\.matplotlib
    [2009/05/02 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\acccore
    [2010/05/20 10:16:18 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Amazon
    [2009/09/06 19:29:50 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Ashampoo
    [2009/10/02 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Atari
    [2009/05/02 04:18:13 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Broadcom
    [2010/05/20 06:56:26 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\calibre
    [2010/09/15 23:05:39 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Carambis
    [2011/01/04 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\IrfanView
    [2010/12/14 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\JAM Software
    [2011/01/04 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Launchy
    [2009/09/12 19:54:06 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Leadertech
    [2010/06/02 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\NesterSoft
    [2011/01/04 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Nokia
    [2011/01/04 15:51:46 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\OpenOffice.org
    [2009/09/14 00:19:05 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\PPLiveVA
    [2010/03/12 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Sports Interactive
    [2009/06/03 12:42:20 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\SQL Developer
    [2009/09/14 00:37:36 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\StreamTorrent
    [2009/05/02 08:19:40 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\SystemRequirementsLab
    [2009/05/03 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Thunderbird
    [2009/05/02 06:36:13 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Uniblue
    [2011/01/03 16:33:31 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\uTorrent
    [2009/05/02 04:18:34 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Wave Systems Corp
    [2009/05/02 07:58:40 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\wsInspector
    [2009/09/11 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\Anh Nguyen\AppData\Roaming\Xerox
    [2011/01/05 01:26:21 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/02 22:10:53 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/11/02 18:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2011/01/04 13:14:14 | 000,025,098 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 06:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/04/28 15:32:08 | 000,005,001 | RH-- | M] () -- C:\dell.sdr
    [2011/01/05 12:07:37 | 3745,415,168 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/09/28 09:59:17 | 000,001,056 | -H-- | M] () -- C:\IPH.PH
    [2010/12/29 20:00:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/01/05 12:07:36 | 4059,160,576 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/25 16:28:46 | 000,000,252 | ---- | M] () -- C:\qhdebug.log
    [2011/01/02 20:03:56 | 000,063,464 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_02.01.2011_20.02.55_log.txt
    [2011/01/02 22:10:33 | 000,063,000 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_02.01.2011_22.08.06_log.txt
    [2011/01/03 11:52:00 | 000,063,470 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_03.01.2011_11.51.11_log.txt
    [2011/01/03 14:28:11 | 000,064,558 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_03.01.2011_14.27.32_log.txt
    [2010/12/29 15:34:17 | 000,063,482 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_29.12.2010_15.33.31_log.txt
    [2009/06/16 15:58:41 | 000,003,721 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2006/11/02 21:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 21:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 21:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 21:37:19 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 06:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 18:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 21:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/12/10 10:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/04/28 07:39:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2009/05/07 07:03:40 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Program Files\putty.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 19:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 19:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 19:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 19:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 19:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/02 02:12:15 | 000,000,221 | -HS- | M] () -- C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 21:36:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/04/28 08:03:06 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/04/28 08:02:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/04/28 08:02:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/04/28 08:02:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/04/28 08:02:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/04/28 08:02:36 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/02 04:17:58 | 000,000,402 | -HS- | M] () -- C:\Users\Anh Nguyen\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/15 23:05:39 | 000,004,990 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
    [2011/01/05 12:10:02 | 000,341,930 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

    < End of report >
     
  13. 2011/01/04
    superpig10000 Inactive Thread Starter

    Extras.txt Part 1

    OTL Extras logfile created on: 1/5/2011 12:15:58 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Anh Nguyen\Calibre Library\Downloads
    Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 72.43 Gb Total Space | 13.82 Gb Free Space | 19.07% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.36 Gb Free Space | 68.20% Space Free | Partition Type: NTFS

    Computer Name: PU121126 | User Name: Anh Nguyen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1783976355-914737711-2657614627-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F64376-308F-48B4-8DBC-A089897DD784}" = lport=57655 | protocol=6 | dir=in | name=pando media booster |
    "{1901685D-3674-4101-A098-86BB5ABA2077}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1A56EFAF-0074-46C3-B2AC-0066B16C257E}" = lport=57655 | protocol=17 | dir=in | name=pando media booster |
    "{2842E026-C5D0-446E-A978-9EBEA26BD3F8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2E3E9808-966E-46C8-ABFD-51A8D1AEACEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4C94449B-D0A1-4725-B8B8-DF3A6CC1D682}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4EB2316D-96F2-445C-9B8E-06F8D8B80958}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4F9E2200-34B7-4B89-BF61-7831D43B167F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6E965CCB-E2C6-4860-84CA-81C600885A8B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{81156FDA-1F9F-4827-9A02-F0364B05BAEB}" = rport=138 | protocol=17 | dir=out | app=system |
    "{93521B0D-E366-4611-80B3-72503659FE46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AC9A0F8E-66E5-4C18-BC73-7D9A90907EF2}" = lport=57655 | protocol=6 | dir=in | name=pando media booster |
    "{D8C4145B-ACA6-4172-8B57-059A5DD30A9F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E04201F1-0B32-4063-A3FE-E751908CB7DD}" = lport=57655 | protocol=17 | dir=in | name=pando media booster |
    "{E23B8761-B2F0-4ACC-9E83-01789E079081}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E3E910A6-813F-4B7D-9448-17079E4AAA75}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E72ECAFF-C641-46FE-9733-C8E2DC438DF9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F132C936-64DA-4B31-8A0E-457B8C8D9F80}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0267EE08-B4A5-48E1-9943-55E1AAD824A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{05201129-A366-472A-BD6F-F7B3116A0B1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{05B64891-FE58-4430-BCB8-AF3B2A2A6F0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{06482976-7E7E-49A0-B609-34D6F48ECDDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{06A9F71B-23E2-4917-B1B9-53FF07796C07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{082C52D0-6768-4FB3-9866-B49061C4A5F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0911BC80-482D-4287-B325-43C51F6E45A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{09124007-DF2B-4B1E-A04C-166ADE395059}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{09A902D1-682B-423B-94DE-464002A67A6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0AB05693-B0E3-44CE-83FB-1AE7B4771659}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0B46DD51-82CA-48AA-8E54-4B9E0D3A5CA5}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{0B8F1AD1-EBE0-4EDB-829E-E46396C8147F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0C14D662-3D01-4BA0-B74B-3D57281411E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0C230BCB-F7FD-4182-A4D5-6FA8602829D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0C9C2468-3AC3-4250-B337-9000CEC22D3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0CBE0506-49D2-4C8C-AC3C-9A212468736C}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{0D07B8D6-C82F-4715-801B-C3B40692FD36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D57C46D-3AA8-4A19-81E2-4322C4741856}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D6841AC-725D-4DE0-9B5D-B4AEF2B49BB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0D782B3C-33C1-4AA2-ADFB-768DBD3832F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0E043247-56B8-4F2E-A291-9EB3D3CEF5B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0E3F9DD1-25B5-43A4-8B46-0B5B5671883D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0E44F5EF-ECE1-4E07-8394-939C4C712C19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0EFA89DF-3849-4856-84CB-EF4D12A5D0D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1114D73D-ACB1-4C8A-AF76-E12E248D1A0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{12776AE9-1E19-4626-898F-B302D829A9D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{12A01696-2B33-4AF7-BE7D-01D8721071D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{12C0D3BA-EDB6-44F3-8972-DC309F9809E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1311B152-0223-46FB-BFA6-1257B7AE226B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{13D051D9-9512-42A2-8D7D-84FCC1AACAC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1586F83B-52CE-4E0E-B5C7-C5576C1AAF12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{159B6C32-2B11-4D92-9B9A-5FD6D3567B94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1624D138-3824-451B-ABCC-7AE6045F2835}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{167CEB99-988A-4AFB-A1E1-7B9658CB2D22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1680A4CB-A16D-49BF-AC5B-AB1FAB43A9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{16B5CD3C-BC28-4307-AE68-F9672EBEEDFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1730CFEF-001A-48B2-8329-428B5893B579}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{175C2C24-AFAA-451A-B2DC-70A4395C3844}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "{1886A634-C952-4A89-9121-87415A3543CF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{189FF569-B5DA-4188-A66B-CEE0E9CBF64B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{18AD3C37-F0BD-4883-B36C-3E0F5746D39A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1AA37D4D-5B8C-4F30-964A-466B4A9DB05E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1ABCA35F-1CAD-466E-99FC-45B58D61EB36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1AF79601-4508-4BE4-88AB-8288F09F853F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1B4F577C-9055-442B-B952-663CC5C457ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1B70B4A4-E397-48A3-BFA2-C16D5C1C19A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C6E1A60-23B5-4912-844A-D340740175E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1D11E276-84B5-46A8-A858-C04FD3366CFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1D3B6922-76A5-4CA7-85AD-42F758CC01AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1DC9D28A-634B-42A8-89F5-9F07484BEF25}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe |
    "{1EF0DF19-DB21-4BE3-9C4B-AFEB2E66AB6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1F7BA50C-629D-4B51-8CF3-FC2F8E404F3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{20CD5532-5B39-4100-98DE-D8149BDFD3DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{21E31571-6652-4DA8-90BF-DB801C8B758A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{22E14A1A-33F6-4056-AA97-F7E62FC8BE67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2367122F-7403-4A3F-B89E-9112022687FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2380E2F5-5458-4E14-9E55-10BCB9C6B948}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{23822379-1758-46C6-B64F-C7C6704714DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{24AB4AE3-87C2-4DEE-9222-EFD3E78A56E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{24D05FBC-D771-4C1E-A59D-B139D976023A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{264548C4-5C65-49BC-A82B-ADCEB9743994}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{295FD805-588C-4D6B-A0F1-61C46AB237B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{298A7A99-6BB9-4C5E-B2D4-B81F8FDDD853}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{29B9ACF9-64AD-49F8-B543-B67F9F523FD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{29D1F785-1B8C-40F7-B5ED-E47722438ABF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2A839B51-DA3A-4374-B8F5-8AFE9014E1F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2AA9EBF1-CF01-43D1-8DC2-11695FE65165}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2C29F4A3-E835-43D3-A5E0-E70E79B296D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2C4326D5-BE1E-456F-81D5-E07ED0480BB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2CF9E08D-7C40-4E89-BB64-9C003EBBA9C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2D325C14-1D98-4732-A353-F63B6B1D5B55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2D44E8FF-A24D-4A5D-A50C-FD906389A5C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2D68521C-ACFE-4B4D-B089-FACA10435C07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2F07B6ED-18A5-4CEE-9313-C3C5FC870EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2F5FAAD7-D422-404A-B59C-F1C829F4B230}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "{2F8EAECA-FD53-414B-BEE0-E43B6019C11C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2F97FF79-8CE9-4479-98D8-7F474879E023}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2FC1D0E7-0EFC-4587-A698-BAFE56054E94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2FD80BFD-0BBD-47A1-8618-F0BEBBAF2889}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{302BEB85-CF87-4134-B491-2F11D8CD41E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{31F2E783-A19F-4F88-81C8-08A917097419}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{32255C76-A763-46E2-9981-B97AE8714567}" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{3255AA21-60B9-430F-88BB-34BD4B873C71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{332BAE67-AFFB-455C-BF02-CA3E51505341}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3345C576-DD40-4DA6-9274-9ACE1EB857AD}" = protocol=17 | dir=in | app=c:\program files\vtcgame\fifa online 2\ff2client.exe |
    "{3374180F-C4BB-4DD5-81EC-17DD668CB90C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{337BEC64-B8FE-45C6-97E3-26F648FDBBF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{346DFCE9-F99E-4FD4-BA80-6CCB781A1B17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{35589CF9-D2EF-48B1-A52B-35FEAA3EB294}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{36182E37-32EF-4871-9D93-0EDDF34608A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{36652A40-8FD7-4D92-B7CD-EDCFE37E42B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{36DEDFD2-A2AC-4E0A-87B4-86954825B377}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{36EBF203-482B-491B-BD5C-2D45BE225A1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{36F53C67-597A-44EC-8FA2-FBF291373822}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{37C9406F-9134-4E48-888B-510C4BE18529}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{37FB0064-80AC-415F-AD08-9C85E3FD70EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{38B4D420-ABD7-41A0-86A0-49C4FC75CD14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3959B50F-3EBF-43C3-9049-E5A5A6E6B713}" = protocol=6 | dir=in | app=c:\program files\pplive\ppliveu.exe |
    "{3A74FF9E-7019-46C1-ACE0-A0DEC5975F67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3A82C78A-0A0C-4A54-A68E-EB4C13A07C44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3A9FF83F-2F5C-4288-AC2B-04E567E7ED42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3BFD9BC7-F43F-4758-8FAC-C6C561FE4291}" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{3C199151-CC10-4CDD-98C6-4113BAD01D71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3D5155A2-6CC6-4897-B758-49993BA4080F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3E0481A0-6D9D-430F-86E0-DB850871FE69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3E3B203D-53A7-4B9B-AA18-4989EDDDEB58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3E5F3230-A4CE-4FFE-9397-0722F098FB25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3EC44671-1066-4BCD-BF06-BE931BE2C3C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3F528927-249C-4E4D-A240-94E1B870DF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3F864467-B5CE-48AE-96B6-4990E7450129}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{415E2C65-8025-40AF-9A85-F301ACB2BA4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{419F716A-9912-426E-839A-4FFF439F504F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4278CF85-8482-4D1A-95D7-1DB21475FBE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{42DED37D-1A4E-4888-861B-A1CAB5E39975}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{432ADBC6-2652-4602-AC51-3FAE78EB6DE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{46AAC2EE-3C39-4861-85F8-9218858A188A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4825B944-5B31-46B6-B534-04C9742EFEFA}" = protocol=6 | dir=in | app=c:\users\anh nguyen\desktop\pes2009.exe |
    "{48364367-A010-4303-9F9B-EC5B9AD25F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4856C22E-7D6B-4D98-BE7D-69CB0E411730}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\pplap.exe |
    "{493CCE61-B9A3-4A4B-87F3-F6B76B4AF63D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{49618876-6F3D-4E10-A23A-61A5772BF9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4B11D8B3-F39A-4362-A631-DD8CEE8FF8E4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{4C1F3AED-31A2-4B55-ACD4-D5C1AB3F43B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4CCD94B7-F89F-4241-B402-54C78E753034}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{4DB8D0FB-0439-43CD-AF2B-50FA7A01D343}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{4ECA66E0-FDAE-4812-9249-23D66CA3713F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4FC7BBF1-27D7-4D8F-B05C-65774820C89A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{511741C0-A458-4554-BF85-E1F1D8E37CED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{515BB01C-D37F-4994-B588-DA2D9B457B88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{519A933C-924F-49A2-9837-8C2BF4D8DB38}" = protocol=17 | dir=in | app=h:\games\vtcgame\fifa online 2\ff2client.exe |
    "{522BCA50-375C-487B-9AFC-3BB105754F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{54D0B065-6F00-4330-9399-0ACED9765D95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{55F62996-9DEC-4F7F-ABBF-4D25CCA34FD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{55FF0FE0-D942-4E5F-AED2-A812B40397F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{56BA83D3-FB05-4AB6-88BB-0AEBEE4479D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5709305E-5703-4EBB-B1C1-D4A931A1D7BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{57672E5F-26FA-4C45-9BD7-9440EA4903F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{579E0228-1146-43AD-B188-CCEBF0A857FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{58138405-E3FB-47FB-A20E-21825A68A251}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{58E2816C-43BA-40A1-A71A-00BF68D5971D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{59927156-FC80-41CE-A384-10C5930785AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5A1005D0-88AC-4CF6-99B0-74EF539B1CC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5A3408A6-98E4-46D3-8C56-B7F8E7C05D8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5B225FBF-9A85-44E8-9CBB-6A900F2E9F52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5BA47B39-FA40-4B0B-8E67-3BD8E620B385}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5C57E98E-AC9B-476F-9808-AE7E01ED0A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5C8E3B2A-83AE-43C0-83E5-D015F9966D8F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{5C94D6FE-10FD-44C7-B8C0-703E2B0C7D98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5D9266B4-6DAE-4DA4-9F4F-4C514547C7D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5E253888-6A9E-4838-81E0-7E21A73E116A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5EB660DC-FAB2-4B83-B25C-6234F1D97492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5F19DC6C-6681-4A02-AC3B-98BEFFA54C77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{606C4108-71C5-4163-9EF8-75783D47FF11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{60C958DE-41E7-40D0-AF9D-8C3BBFFDBDF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{62506720-4880-4889-B625-38DE3B731D42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6280142F-BE61-47E4-A620-EA8D9EC36275}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6287C2CC-4083-43D1-B9C1-250066E91721}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\pplap.exe |
    "{635BD9EB-3A89-4C93-A909-02F8E1ACBE98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6392D682-07FE-4C12-BCC8-BDDFD4C404E3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{65D6C065-FB33-4934-BA26-7860B8E6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{65F81EAC-5DB8-48DC-B499-8E0D4C5EC0AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6683F838-5652-4516-A336-3AD660FC1882}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{669DBF19-4F0C-4347-A592-98A05866B035}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{66C2F63A-D750-44E4-B4CF-E018A55584B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{66FC5619-6B20-4989-8138-5C75CA1F649E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{682EB9F3-A7DA-45E4-AFE5-C16E221378B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6830DD34-A367-4705-B74B-592FF7208380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{686E064B-CDDE-43F9-A9CF-97E40EF25180}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{69D5797B-EB5E-40F2-8319-43609DCD11B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6A19B7DC-CDA2-4164-8407-B6CC7455C332}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6B72D939-3448-487C-8DFC-A51D761926CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6BA20402-07E6-437C-80BB-7072DF27411A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6BD71EBA-D9B3-4046-BEBB-1153C75D86AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6C13A763-E575-40F1-8FCD-E2FF05CCE507}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6C4F3EA4-DEE3-4EDA-85DB-F861790EBEDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6D1AA583-AC0B-468D-9EEF-AF8989FDF838}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
    "{6DC129BA-6A54-4A05-8E53-925FD203BEA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6DD47417-F87D-42D8-A5A8-3E5E0E1BEC4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6E599D2C-8D0E-4918-B800-DDFF095D6880}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6EC8D5BC-919B-47C1-95F4-C5C3BF599356}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{6EE6BC39-E6EC-47C9-A3DA-D6E2E95EC536}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6F1E846D-CB0A-4F59-B540-F53DFB561FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6F29ED39-3E2F-41AA-9AFC-A1E6F927B3DC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{6F4CA32D-50CC-4035-AE43-A5C0869EFE58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6FAD69FC-C2B1-4742-BFD2-C7A8A43291E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{707D84CF-CA25-4C7C-AB53-07B18DB3FAC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{71068B93-446E-45DA-A06F-EAA7106F54DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7157396A-BE86-49D4-969D-EDB2D22B2FB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{716244CD-7C49-4C94-A8D6-39BF94E79A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{735F8119-C9A5-4FE9-8300-84B08F6D9FCA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{73E97123-960C-4E69-A98E-5FE5AB562A0C}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "{74375C2F-AD5B-47EB-98A3-9FB22DA4B50A}" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{74931F85-02EA-42FB-A1DE-C285B0BE0694}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{75C87E91-2763-4917-B794-5126A7D54B55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{75DB79A5-17AB-4B53-8B12-8DEAC15213CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{760B47F9-D963-4441-AEBE-D765F4063757}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{76A6E7E2-EEFA-4375-AEE2-6B74F47B62AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{76DE3DE0-3F17-4751-B191-186A29627D44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{770ECC6B-2CAD-414D-8EAF-D09318EB9796}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{77304556-2CC7-4F75-A669-8232C03B9DFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{78417AF1-C99F-4E77-9CA8-7087DDF2D8EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{78B2CF5C-B6E4-4304-B40A-1119046945D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{78D700DA-D125-4E59-9B5E-4EF6F8F59032}" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{79029880-E635-41A8-9212-176DC1F42139}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7A1F6C86-9BA0-46EB-8724-EB1F22773E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7AA75023-047E-4653-894C-52A7711279D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7B91F452-E668-48A1-8D25-F5193608C063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7B926351-B7E6-408D-AAAD-9D4505CDE113}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7CC75EBF-F74D-44A6-9988-186772008D27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7ED57CB4-47C6-4433-BDBF-BDCC6DEDFD87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7F00FED0-AB2E-493A-A098-67EA34D94FEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7F8FB06C-4542-4211-B266-9E8CD8D85DF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{809935BC-C779-486E-B220-9CE7EEB87C8D}" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{80E12939-7B1E-479E-808C-28CE863958AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8105DBFA-B81E-418F-9F48-DF06B55F1B52}" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{815DBDBD-70E9-4BF2-9215-AE80815A43E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8242605A-25E1-4B1C-86C7-210EACC56040}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{824B0FAB-AA0A-467E-BCCB-D9968D7D7682}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
    "{832AD628-F78D-4CD5-8758-D8340CE92F7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{846F3C31-FF3E-46A9-8D44-5653D6FFD0AC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{851C2C56-F72B-440D-9803-1672EE3453C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{851ED4F8-432A-4BAD-9DD3-38B9EF569FBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8587849D-F580-454C-87AB-7185B9245E3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{85C22557-2FB2-4595-B5A4-5ABD5CDECFAD}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{85E876A7-E961-4DFC-B4AA-CBE8BE80123C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{85F41E5C-779B-4229-BAF6-84350AA602E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8662D4C5-8C57-4002-A8CB-B202EE90223B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{87F6977C-9FBF-4F46-AFE0-60D25B9278B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{88D05FBB-DB79-452E-AF42-7BE1E8D67E0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{89145CDB-5DE5-4DFC-94C1-52FD004BBDCB}" = protocol=6 | dir=in | app=c:\vtcgame\fifa online 2\ff2client.exe |
    "{8915482A-24F9-4F02-B222-9BB43057303A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8919F996-F834-43AB-BADC-0AC96BC3E249}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{8939DD6A-B72D-4497-A598-449F75A8619D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8B1CA06E-DB86-4D9C-AC6A-46508A84D0A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8B35034A-C88D-4739-87B8-4847ACE2A096}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8BA37181-110C-4DA3-9D1D-CA405ECD55AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8BE160CD-F7CA-4BBF-A9C1-2C285C3DC655}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
    "{8C629629-6F97-4866-A0FC-9F3DE70346D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8CCB2149-AFA0-4CF0-8002-A754BE7BAA04}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{8D0CA3DD-ED3F-4B21-B676-83527F0F812F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8D5F43AD-A10F-439A-805F-403D86456A31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8E06F11D-7D69-463C-ADC0-0050E1FD9804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8E6EB1E9-7BB4-429B-9942-72AC5705D470}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{8F1C9C10-10F5-47FD-BEC1-D69960DEED12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8FA6E1A8-BDBB-48E8-9C1B-BBCC7693D4E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8FF41E31-3FF5-4804-8FC5-93DA9C5D5406}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9031058E-201A-4171-8E32-087A62FA54AD}" = protocol=17 | dir=in | app=c:\users\anh nguyen\desktop\pes2009.exe |
    "{9088E49F-5DC1-4601-8321-02DE405A4285}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9133A372-3175-4DE4-9A99-97B88E3481A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{91CEB1FC-5C58-4955-81B7-E828DDFC23A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9278D9D9-8B8E-429A-9846-A0995A371C3F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{946B2A0A-1B41-4AFF-BACC-60102352C93B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9480D102-B46F-420B-9E19-1F633D2C27E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9552F4AE-CD70-47B7-AABF-A9ED1D8400C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9749603D-EED9-4215-BC26-7C64CE018916}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{97A70369-C923-4A74-8CBE-046B6EAB6160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{98314FF6-5F11-4F42-A8C1-72D8D927DAAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{984C77B5-CF50-4419-A358-9D50AEC9981B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{988D7C89-8530-45D8-8732-2CD827895470}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{98FF798F-A357-4638-A924-FC09B76CA561}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{991192EB-30FE-493D-8333-95CBE647607D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9A44C1CD-777A-4E84-A7AC-C048494EADD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9A5C2ECF-47DF-463B-BBC4-7E7047177020}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9AE14442-28DA-494D-93D4-D4914D531E65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9AFE9D86-53DA-468F-81C1-F5213288565E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9B51E579-92A4-44CE-B154-4EFF3589F9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9BE52145-66A6-41A8-93F6-1258F05969DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9C26DAA5-CA1D-466E-AA01-7D9550638E4D}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
    "{9C4E0B07-1991-44ED-A651-886A89B4741A}" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{9D8BDD00-6BF4-4B89-8B00-3A2478579398}" = protocol=6 | dir=in | app=c:\program files\vtcgame\fifa online 2\ff2client.exe |
    "{9E7A834B-5100-4061-A621-9C35823CE2AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9F7E13DA-E21B-4517-B323-80E5601ABD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A00BFB2E-1E62-40AA-8778-CC9C138F6FB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A09199FF-094D-4BBF-8C87-D37D7F947FE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A0FDDD3C-A368-42C4-8593-7C2A9F777FCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A183441A-95C3-4D49-8C57-BC6A41EA12E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A2104E22-48DF-4014-A5BB-800D22B13F10}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{A2609E72-8E21-449D-805C-7077C4D4F15B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A28BEA17-1F7A-4C56-B599-AA82A13BBBF3}" = protocol=17 | dir=in | app=c:\vtcgame\fifa online 2\ff2client.exe |
    "{A3C09C0C-4B4D-4D45-95E6-08C067B14BB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A421650A-D29D-4089-AD68-3AB1BCCF44F3}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
    "{A517BC7E-4512-4151-BBED-40D76C096EF8}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "{A57AA9E8-9B25-4643-BC0C-1CDD461162A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A6082541-8488-43A1-BB42-8B41A509702E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A69BD388-8EB8-4E29-AB52-D7DD03127F46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A8AA7A04-45F5-4D3B-AAF8-0291D59F21F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A9306E4D-A91C-45BA-9EBE-5DDCEEDC6B51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A97E75C0-0CE1-4D74-8A66-F274245D94A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A981EB5E-831B-4073-9B48-9C8CFD5A1DF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A9F28F0C-F4D6-4957-9C18-5837F6D0261E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AA9147DF-7843-43E3-9753-C52FE8DB7F9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AAD0C4D8-2ED8-4AAE-9F8A-BF158834C245}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ABF57155-9955-4AA4-B7E1-A5A0E88E471D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AC4768B5-0975-4C97-B9CF-E9FC4F61D598}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AC92DA87-A9BC-4E57-B212-4CC70F653B03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ACB5E554-90A1-4657-94B0-4ECE256A845B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ACBBE9C5-8042-4C8F-B44C-D79E82B14A0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AD0AF595-0847-46AA-B685-4BF4FDCDBFDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AD66DB0D-D5D1-4AF7-BB02-A2F0E59B444A}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{AE8F47CD-08E4-4685-905D-04C358B3DF12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AEA300CD-2EFD-4723-819E-1A5C72BDA035}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AFC6F375-E069-4036-8074-DFC91808D087}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B0182FB3-6084-46F1-8B6D-9EABCDF3E6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B113EF81-87DA-4121-909E-91894159B7DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B2135D19-4ABD-4213-936E-8BF16C148630}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B3557531-49E7-4891-9807-35EF6AA49A6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B44BCC62-7459-4A13-9720-844EB14F15FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B44F745A-092C-4A9A-853B-009368F1F047}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B47E6C9F-3EA2-4DAB-98A1-4DC16CA8E2A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B6319D6A-44EC-4E36-A815-F649625C7F65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B76E831B-6CEB-44B9-9BAD-03303FF106C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B7750016-B301-4F45-B66F-F4A89613748D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B789082C-2D90-40D6-8725-FE62D278BCB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B82C7B99-C39E-4B31-B7DC-21C9C7449CF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B844F791-667B-49DB-9B78-1C6D4AF1A808}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B8BA294A-5043-464E-B81E-6B79743A749E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B9B5F8A4-4E2B-4654-85ED-9F1F2DA51ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B9D1BD0E-AC85-48BB-9D6C-6B42A73236FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BA91C393-F758-4AB0-ACBB-EECE664D82FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BB2979F6-6EF8-46A4-B37E-B6B176DA93F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BC000B85-8D1B-456B-A8EE-69C3EEEC794C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BCD7AAC7-A8C7-493E-9FF3-7FF8DB084548}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BE9C75AE-64F2-40AD-8287-696A03FD4E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BEAB865E-FD12-4BC9-8548-7F54F65EDE54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BECDDA7C-E785-40F1-9229-0EE7FB6C6D2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BF47D73C-5FE0-48D6-B4FA-13D14193823B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C0FD6B14-1B69-472C-84B4-ADBB9CEE8B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C10D290D-0BAB-49B2-BD79-9C9CF560F00D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C1A83F51-0598-4383-9F36-B1F9AB8126B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C1A9274C-51A7-41A4-9C7E-022DCFB4A3E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C1FA86E1-392F-443D-8574-4A17D74F379A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C23D297F-81F8-4822-828D-1FF3F1D1004F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C29CE237-586E-4439-8BE0-44DFB0DD61B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C40A41EE-E119-45C7-9E36-247DDA9F35F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C40BA1FD-446A-43D5-80E9-47F2D4762B09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C4252873-8854-4CA0-B0CB-10C60BFE8A13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C44AC5D5-D7EC-4D5F-BA0F-513846087EAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C554A3B1-25AF-4CD9-AF4E-5EEEE9F760AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C59BECD1-7165-4179-A170-1678C76B3024}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe |
    "{C5A69F24-A487-4520-8BF5-2ED33E074178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C68C772A-4A74-4009-ABCF-B3A885A94862}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C7570EE9-ED25-494A-A772-4F325EB13160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C77CFD74-B5D5-490C-AF1A-87120A253DA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C77E2332-0ADC-4270-B99A-47315DEFF53B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C7E35073-33E0-4357-999A-03EDF2B84F57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C82033D3-1F62-47E9-AFB1-58EFB60814F2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppliveu.exe |
     
  14. 2011/01/04
    superpig10000 Inactive Thread Starter

    Extra.txt Part 2

    "{C8F9457F-FC08-43F8-91BE-AA0B365A6F7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CA79AA4D-2267-497A-B864-1D741E67796C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CAC0A140-DEEF-403F-A690-07A61B1D17C4}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{CAC1AB81-3EE0-4601-9FB9-782DE5FC94FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB00106D-6085-4988-A399-AD080554B75A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB4276D8-B487-4F97-BE9C-333813EE7D6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB5AAB94-23B0-4F75-A78F-9570211BC4CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CBAA612A-5451-44FC-A9AB-5D8344DE2F95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CC982A68-4E3A-4560-B80F-2E74C8B96721}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CF392C55-F734-4814-A11B-4B3317119D9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CFD93623-7881-4A7F-AB61-B6491262B3BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CFFE05DF-9830-4EFA-B160-DC98BACD78E0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{D0107031-EF60-4202-AE19-80FF737037CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{D02E249B-DE27-4314-B6AD-71D8039333D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D044E92A-2D3C-4551-9AC7-FA2327E8960A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D054DA88-D0F0-4007-8C04-F8397DF707F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D0791B1F-9C7A-4E00-A897-FB0CFF95A514}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D08B76A8-DD97-4D35-9679-7D5E259AAB68}" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{D0AFA001-125D-4752-B1C9-DAD6E5E84687}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D14C83A6-EAF7-4C7D-A0D8-AE39FFD8ACD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D2696FC9-796A-44BC-A6A8-F869039D8663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D297D9BF-D550-4CB4-9230-476ABE8E5054}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D2D9C058-9542-424B-B6AA-60260EB80BF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D363733B-7C06-48FF-9052-501C26AE05E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D3D1E292-86F9-4B1E-ADC3-8DCF7AC5A1C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D437B44F-8889-4072-A932-9EB75C4493C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D5C82F61-1E76-44BB-8338-68AB512C5292}" = protocol=6 | dir=in | app=h:\games\vtcgame\fifa online 2\ff2client.exe |
    "{D5E58D8C-E782-4D4C-9A71-2A173F9CEE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D603B314-90C9-4F60-8BBF-7591D75F3109}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D74F1DD8-0F83-4B2A-9A68-94B2FC2647D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D75DD885-D5AB-4DA0-B6AE-823D2BB105EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D83CD60A-BA12-4170-B1AA-68732AA21413}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D8470203-4A6D-4C83-996F-520B816A8060}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D8CE8EA4-7AC3-458B-9142-2CA0370B1D8F}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
    "{D9A5F0D7-DE1D-4D52-B80A-A0DFC2CEBB72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DA0F9BF0-6F1B-474B-9F69-E0554FC4A271}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DAF62991-7D6E-41B7-8E53-66902CF08B23}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{DB52300E-3CE4-4211-968C-6B6478C37636}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DB587294-1CDF-405E-BCB6-5373A3DFF3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DB6E6250-C929-4889-8655-7488BF19B897}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DC4FCB06-A3BB-4702-B469-9B475E5A269A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DCFB0038-80E9-422D-9E57-140CBF0FA02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DE3AA2BD-AF51-4E09-84E0-42D5B07A67F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DF1957A3-0C28-44FA-84B9-6EB7D410A832}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DFF92F19-D41F-478F-A5B7-ED5B2A55234F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E048C885-65F2-42AD-96CB-BFD82178F4CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E058AD63-37FE-4E18-BABD-C45097DCF84F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E0C3B951-DC9F-403A-9831-ED2DAB61C75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E0FD9CF0-9C63-4DA4-B492-1799DA099171}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E1B4A958-E151-4799-9412-B8963892BD75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E3E62A96-C536-4EFF-97C3-89C4D4FAE176}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E478A5DF-1094-4AAF-92A8-567A4FB6A566}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{E5A06BDD-0516-4E17-BFC9-38659877D605}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E631FC27-AAF6-467A-B3B0-2F209C3B3C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E638C71D-24F9-40AA-AA99-9426AF25191B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E6E84E1B-EB90-4636-AA3F-3E1DAB3BBD4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E7D091EF-8009-48E6-8254-5C440B4B4671}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E840EB30-0AE4-452A-905E-91ED4EC25824}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EAEB19CD-B1B0-41CD-BD1A-AF8CCD809F57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EC83C6CC-D557-4133-AD76-B84229EE4783}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE8022AC-91EB-4E86-AAB2-B96A43B4A0A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EEA471C0-00C0-4A02-8198-1E9E5DE30E5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EEF8267C-789F-4240-8F4E-385130A71EEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EF630690-E05E-401C-A495-4796E9257CBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EF709544-F134-4CAF-802C-EBA214CA4A02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F0257025-3B35-41FC-B5C3-C48201AE0E61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F04D0A8D-9216-44E9-AB7B-76FFEC7FFBEF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{F07E7B38-55CA-4BD1-A1B3-0E55A59E51C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F12C3E11-4078-4B5A-A3C9-50558EB1CAFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F23FBD9A-788B-4FE1-9872-0A376A2D41EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F2D3DC34-D667-4262-BC59-276B97C44E0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F4A45D37-4663-4E56-BFE7-1ADC2FCF9F0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F4F9F3D2-078A-4ECA-ACE8-65EA399E76F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F5C9E95D-C8F2-4FD1-B26B-BD0F214CB5BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F7D4EDB6-DA82-4D81-A0E7-04492D9200D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F7F82ED7-FC18-426A-B2A6-81C76B6BE4D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F8B95287-0AA9-45E1-9441-329B8D08A4E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F8F80F03-93B9-4AD8-8D66-569554B40355}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F91F2F1C-8B18-4A7C-960C-64807D9482C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F95E45BD-E4F1-465F-9283-7E8868B55EB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F9911453-74E4-46A3-9606-C6774DCAF35A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F9BA46A9-A1E4-463D-AC90-5CB3F66F090B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FAF42508-9FD5-41BD-A45D-DA337B1E267D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FB97A76A-56F2-48D5-974B-11AA85C521AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FBFBA607-FD71-4931-BDC8-D871FFC361F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FC667C31-6982-4ABF-A338-D914B8049214}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FC679896-5274-4AFA-9C24-9F6D8EAD679F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FC7D3EA3-6EF3-425D-AAE1-E176FDC5F6E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FC7EFB3A-F31D-49D3-BD70-DE28CBDAF8BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FCA4F513-B11E-447E-A3FF-59AF608C226B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD5950DA-E058-4547-A8A5-C30588E8D469}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD8E6787-245B-4406-A1DE-2EBCF48BDFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FED66307-ACA2-407B-89CD-38CBA0258910}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FFDED0F6-693D-40DA-9800-4C4911FF4D79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{0463A3B3-10C6-40CB-8DCE-49BE8B65A3DA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{166F96EA-9149-488F-94DB-9B4288F951FE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{24AEF744-A40E-4A1B-BC1E-9E23930FF477}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "TCP Query User{272E98D4-3F01-403A-9FA3-F691CE3E818B}C:\users\anh nguyen\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{42FBB933-B3CE-4F97-A146-B9361CE3E6AF}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
    "TCP Query User{54B5E0F1-83E4-4E1B-B1FC-F7D8571F3338}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |
    "TCP Query User{6243555C-954E-41D6-B4B3-5961444C54E8}H:\games\warcraft\war3.exe" = protocol=6 | dir=in | app=h:\games\warcraft\war3.exe |
    "TCP Query User{78EA9AC5-E85F-402B-9333-BBD147EB476F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "TCP Query User{7F99737D-B3CC-4AF1-A962-0B87A452170E}C:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{80030891-B007-4A5E-8064-D1C144AAA3D0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{86E15F5B-1634-4CD5-B353-406F2BC16D97}C:\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\warcraft\war3.exe |
    "TCP Query User{8D5DF32E-98EC-44A6-86B7-F24CBEBD3675}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{956E6BBB-D0B1-4375-8459-2C5E9E697FEB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "TCP Query User{9F898DF2-1139-43EC-B325-68768C62AAD9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "TCP Query User{A44C5CED-B797-4E54-93EF-1FD176A2EAFA}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{ACA4022C-84F9-4250-92C3-B3970C6B23BE}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "TCP Query User{B5500FB2-AF02-4664-AA38-510C85A0D857}C:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{C3D9D99D-83A8-4790-B89C-C5A182BD8A61}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2010 9.0.0.679\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2010 9.0.0.679\english\setup.exe |
    "TCP Query User{D949992E-EDB6-405A-AB96-AF029907FD84}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{E5FBE4D6-F241-47D7-A618-234242FA35EF}C:\worm\worm world party\wwp.exe" = protocol=6 | dir=in | app=c:\worm\worm world party\wwp.exe |
    "TCP Query User{EB878F1F-EA99-4FEF-AABE-27C41F4326B9}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "TCP Query User{F032DF1F-10B0-4C3B-A82F-163F0B63B0A7}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{0D333242-354E-4EA0-A084-779C24B17E27}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{2BDCBF51-4FDC-42C6-9DF1-FAAC11114017}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
    "UDP Query User{34AB8F40-0E30-4D0D-90A3-51D64ED5C34D}C:\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\warcraft\war3.exe |
    "UDP Query User{360F78B9-C2B7-41DE-9B4F-74EA93FBE309}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "UDP Query User{5D2D0F7F-CE9A-40D9-AED2-AD5A8523C281}C:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{5F3F7E62-6BE3-48D9-AF3C-9619849AC744}H:\games\warcraft\war3.exe" = protocol=17 | dir=in | app=h:\games\warcraft\war3.exe |
    "UDP Query User{5FFC573B-0907-4F3B-9F3B-2D95B055C201}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{60BA9B70-80B0-46AD-AA60-EAB626EF84A3}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "UDP Query User{63E98F93-1CBD-47EB-8BB3-1E13380BC4C1}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "UDP Query User{6B46FF4D-65A8-4C78-89E7-24418C23D5DB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "UDP Query User{6FBCEC38-F8EE-424E-97E0-5088521AC031}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{8F51360E-2D79-4F1C-B593-BBCA79F2E44B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{9CB35904-9B55-46EC-8C0D-9FBFFBA95E35}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |
    "UDP Query User{AF4318B0-3241-4DC7-BBCB-B66B8A206441}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{B4D51868-C964-4035-AF81-7F156124C98B}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{BB3986BA-A6CC-4009-BD19-BD510627F672}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2010 9.0.0.679\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2010 9.0.0.679\english\setup.exe |
    "UDP Query User{C22D668F-0823-4B51-A936-3A4136B52ACD}C:\worm\worm world party\wwp.exe" = protocol=17 | dir=in | app=c:\worm\worm world party\wwp.exe |
    "UDP Query User{C47D085F-0A7F-4D51-8446-01972E1A257B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "UDP Query User{D1C4ADF4-CC41-4416-AF88-0CF2D58CC97D}C:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{E9FC4E21-6DD3-431E-8208-0F57CBB84C4B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{EBA71C3F-1D7F-4735-A156-473BD027D36A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{F7A8E002-2BE2-4C93-97F0-C836B6988FFB}C:\users\anh nguyen\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\anh nguyen\appdata\local\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
    "{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
    "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4277D135-5E38-4A5C-B5FB-F6EA03B72283}" = calibre
    "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
    "{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{63AF7EF8-0416-4465-9DAD-2678780F05D5}" = Reader Library by Sony
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6705BBE4-4664-40C6-9C1B-0330FA300A5C}" = DCP32MMWrapper
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel(R) PROSet/Wireless WiFi API
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}" = Dell Control Point
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel(R) PROSet/Wireless WiFi Driver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
    "{A23C3636-4F99-4A34-972C-F395E85DFEC0}" = Wave Infrastructure Installer
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
    "{C3AE9DA1-2E44-4F11-803E-20977F0FE6B9}" = Safari
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DF9079AC-086C-48A7-8F87-11E2199F6D99}" = Dell ControlPoint System Manager
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "Aimersoft Audio Converter_is1" = Aimersoft Audio Converter(Build 1.1.52)
    "Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 1.1.52)
    "Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 1.1.52)
    "Aimersoft DVD Studio Pack_is1" = Aimersoft DVD Studio Pack(Build 1.1.52)
    "Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 1.1.52)
    "Anki" = Anki
    "A-PDF Split_is1" = A-PDF Split 2.6
    "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
    "Audacity_is1" = Audacity 1.2.6
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "CCleaner" = CCleaner (remove only)
    "Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
    "Dell Webcam Central" = Dell Webcam Central
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HotspotShield" = Hotspot Shield 1.17
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
    "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
    "NVIDIA Drivers" = NVIDIA Drivers
    "nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PowerISO" = PowerISO
    "ProInst" = Intel PROSet Wireless
    "PROSetDX" = Intel(R) Network Connections 13.0.42.0
    "RealPlayer 12.0" = RealPlayer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SystemRequirementsLab" = System Requirements Lab
    "TIMELEFT3_is1" = TimeLeft
    "TreeSize Free_is1" = TreeSize Free V2.5
    "UniKey" = UniKey 3.63
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.15
    "Veoh Web Player Beta" = Veoh Web Player
    "Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 0.9.9
    "Wakan" = Wakan 1.67
    "WinRAR archiver" = WinRAR archiver
    "Write-N-Cite" = Write-N-Cite
    "Xming_is1" = Xming 6.9.0.31
    "Xming-fonts_is1" = Xming-fonts 7.4.0.3
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/3/2011 5:48:11 AM | Computer Name = PU121126 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1154

    Error - 1/3/2011 5:48:12 AM | Computer Name = PU121126 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/3/2011 5:48:12 AM | Computer Name = PU121126 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2153

    Error - 1/3/2011 5:48:12 AM | Computer Name = PU121126 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2153

    Error - 1/3/2011 9:18:55 AM | Computer Name = PU121126 | Source = System Restore | ID = 8193
    Description =

    Error - 1/3/2011 9:30:35 AM | Computer Name = PU121126 | Source = System Restore | ID = 8193
    Description =

    Error - 1/3/2011 9:45:42 AM | Computer Name = PU121126 | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
    0x0006c465, faulting module Explorer.EXE, version 6.0.6000.16771, time stamp 0x0006c465,
    exception code 0xc0000005, fault offset 0x00002916, process id 0x708, application
    start time 0x01cbab4c8214f254.

    Error - 1/3/2011 9:48:33 AM | Computer Name = PU121126 | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
    0x0006c465, faulting module Explorer.EXE, version 6.0.6000.16771, time stamp 0x0006c465,
    exception code 0xc0000005, fault offset 0x00002916, process id 0x340, application
    start time 0x01cbab4ce93fbbca.

    Error - 1/3/2011 10:39:13 AM | Computer Name = PU121126 | Source = Perflib | ID = 1008
    Description =

    Error - 1/3/2011 10:39:13 AM | Computer Name = PU121126 | Source = Perflib | ID = 1010
    Description =

    [ OSession Events ]
    Error - 3/15/2010 7:24:16 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/17/2010 6:20:01 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/17/2010 6:34:55 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/17/2010 6:54:35 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/24/2010 9:10:26 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 267
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/24/2010 9:10:38 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/25/2010 12:51:37 PM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/31/2010 12:03:46 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/31/2010 11:53:50 PM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1651
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 7/9/2010 2:59:38 AM | Computer Name = PU121126 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1591
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/4/2011 12:25:27 AM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/4/2011 12:27:22 AM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/4/2011 12:27:22 AM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/4/2011 12:26:13 PM | Computer Name = PU121126 | Source = DCOM | ID = 10010
    Description =

    Error - 1/4/2011 12:26:20 PM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/4/2011 11:08:48 PM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/4/2011 11:08:48 PM | Computer Name = PU121126 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/4/2011 11:22:01 PM | Computer Name = PU121126 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3152.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80240016 Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 1/4/2011 11:22:01 PM | Computer Name = PU121126 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3152.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80240016 Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 1/4/2011 11:22:01 PM | Computer Name = PU121126 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3152.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80240016 Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >
     
  15. 2011/01/04
    broni

    broni Moderator Malware Analyst

    I don't see any AV program running.
    Please, install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ===============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go to Start > Control Panel > Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Users\Anh Nguyen\Downloads\Movie Stuff\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key)\RichVideo\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
      [2010/12/28 22:14:11 | 000,001,068 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - Startup: C:\Users\Anh Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Anh Nguyen\AppData\Local\Temp\{33600947-4941-46A7-A818-FFDD60AC87AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Users\Anh Nguyen\Documents\*.tmp files -> C:\Users\Anh Nguyen\Documents\*.tmp -> ] 
      [2011/01/05 12:20:31 | 000,759,808 | ---- | M] () -- C:\Windows\System32\drivers\ejnnfk.sys
      [2011/01/02 20:01:33 | 000,000,046 | ---- | M] () -- C:\Windows\qqtX4
      [2011/01/02 20:01:33 | 000,000,046 | ---- | M] () -- C:\Windows\6OMU44uWOW
      [2011/01/02 20:01:33 | 000,000,044 | ---- | M] () -- C:\Windows\cNY4SQa1ek
      [2011/01/02 20:01:33 | 000,000,043 | ---- | M] () -- C:\Windows\RuCWc
      [2011/01/02 20:01:33 | 000,000,043 | ---- | M] () -- C:\Windows\8DDlY
      [2011/01/02 20:01:33 | 000,000,042 | ---- | M] () -- C:\Windows\oF1CKLrj
      [2011/01/02 20:01:33 | 000,000,042 | ---- | M] () -- C:\Windows\KJLfO5
      [2011/01/02 20:01:33 | 000,000,040 | ---- | M] () -- C:\Windows\HfSCj
      [2011/01/02 20:01:33 | 000,000,038 | ---- | M] () -- C:\Windows\M5UPkoM
      [2011/01/02 20:01:33 | 000,000,038 | ---- | M] () -- C:\Windows\bfxio
      [2011/01/02 20:01:33 | 000,000,037 | ---- | M] () -- C:\Windows\Xs6kVY
      [2011/01/02 20:01:33 | 000,000,037 | ---- | M] () -- C:\Windows\EsxjCr
      [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\xcYbidTs
      [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\O7E1iaf22s
      [2011/01/02 20:01:33 | 000,000,036 | ---- | M] () -- C:\Windows\CmEm4WQT1
      [2011/01/02 20:01:33 | 000,000,035 | ---- | M] () -- C:\Windows\8EAjHymp
      [2011/01/02 20:01:33 | 000,000,034 | ---- | M] () -- C:\Windows\jvCdUC
      [2011/01/02 20:01:33 | 000,000,032 | ---- | M] () -- C:\Windows\qF7MFv
      [2011/01/02 20:01:33 | 000,000,029 | ---- | M] () -- C:\Windows\v7VdnYqe
      [2011/01/02 20:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\xNiEn
      [2011/01/02 20:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\jNINWpX8E
      [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\xO8HATyLOY
      [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\T3kUj
      [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\qWab5IJ
      [2011/01/02 20:01:33 | 000,000,026 | ---- | M] () -- C:\Windows\1caPV
      [2011/01/02 20:01:33 | 000,000,025 | ---- | M] () -- C:\Windows\kXEPL1AT3
      [2011/01/02 20:01:33 | 000,000,024 | ---- | M] () -- C:\Windows\icybByB7U
      [2011/01/02 20:01:32 | 000,000,049 | ---- | M] () -- C:\Windows\aGAhEhsUk
      [2011/01/02 20:01:32 | 000,000,047 | ---- | M] () -- C:\Windows\rAN7VLcsJi
      [2011/01/02 20:01:32 | 000,000,047 | ---- | M] () -- C:\Windows\kTetkiUNn5
      [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\phEx45E
      [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\AE5mB2cG7
      [2011/01/02 20:01:32 | 000,000,046 | ---- | M] () -- C:\Windows\A5RpSGbTV4
      [2011/01/02 20:01:32 | 000,000,045 | ---- | M] () -- C:\Windows\wFyfJt
      [2011/01/02 20:01:32 | 000,000,045 | ---- | M] () -- C:\Windows\kkU1VPSLP
      [2011/01/02 20:01:32 | 000,000,044 | ---- | M] () -- C:\Windows\4i2CHc316
      [2011/01/02 20:01:32 | 000,000,043 | ---- | M] () -- C:\Windows\e2BRs7XCOc
      [2011/01/02 20:01:32 | 000,000,041 | ---- | M] () -- C:\Windows\XeBrLSBhFa
      [2011/01/02 20:01:32 | 000,000,041 | ---- | M] () -- C:\Windows\TtMYc336j
      [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\pXNtfL
      [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\kAcXHdPa
      [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\7BP46dfh
      [2011/01/02 20:01:32 | 000,000,040 | ---- | M] () -- C:\Windows\31smHNO
      [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\xWab4
      [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\nlFAbIa
      [2011/01/02 20:01:32 | 000,000,039 | ---- | M] () -- C:\Windows\iMBu3o
      [2011/01/02 20:01:32 | 000,000,034 | ---- | M] () -- C:\Windows\MAGsm
      [2011/01/02 20:01:32 | 000,000,033 | ---- | M] () -- C:\Windows\vxy1p3
      [2011/01/02 20:01:32 | 000,000,033 | ---- | M] () -- C:\Windows\JMuXAGjvk
      [2011/01/02 20:01:32 | 000,000,032 | ---- | M] () -- C:\Windows\Xpf2Mm2KO
      [2011/01/02 20:01:32 | 000,000,031 | ---- | M] () -- C:\Windows\QBlXkV4
      [2011/01/02 20:01:32 | 000,000,031 | ---- | M] () -- C:\Windows\BKESmNn
      [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\tYPYrCGdab
      [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\k2UcdPmmu
      [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\5hhALccVlp
      [2011/01/02 20:01:32 | 000,000,029 | ---- | M] () -- C:\Windows\1QlCEMCW
      [2011/01/02 20:01:30 | 000,000,046 | ---- | M] () -- C:\Windows\mAn1T2tUw
      [2011/01/02 20:01:30 | 000,000,044 | ---- | M] () -- C:\Windows\eXywNfD
      [2011/01/02 20:01:30 | 000,000,043 | ---- | M] () -- C:\Windows\w3Sya
      [2011/01/02 20:01:30 | 000,000,042 | ---- | M] () -- C:\Windows\DX7CfXOvPi
      [2011/01/02 20:01:30 | 000,000,042 | ---- | M] () -- C:\Windows\C7XHWqda3J
      [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\SHAcB
      [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\OerVNcIU
      [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\fAmoEI
      [2011/01/02 20:01:30 | 000,000,041 | ---- | M] () -- C:\Windows\aMk1aAKjeK
      [2011/01/02 20:01:30 | 000,000,040 | ---- | M] () -- C:\Windows\Ggic7
      [2011/01/02 20:01:30 | 000,000,039 | ---- | M] () -- C:\Windows\VYheTgWVhv
      [2011/01/02 20:01:30 | 000,000,039 | ---- | M] () -- C:\Windows\qqvYDwBc1
      [2011/01/02 20:01:30 | 000,000,038 | ---- | M] () -- C:\Windows\u8Qfaq
      [2011/01/02 20:01:30 | 000,000,037 | ---- | M] () -- C:\Windows\y4FDpTTw
      [2011/01/02 20:01:30 | 000,000,036 | ---- | M] () -- C:\Windows\djc3GMAv
      [2011/01/02 20:01:30 | 000,000,032 | ---- | M] () -- C:\Windows\BNL5qes
      [2011/01/02 20:01:30 | 000,000,030 | ---- | M] () -- C:\Windows\QcFIC
      [2011/01/02 20:01:30 | 000,000,030 | ---- | M] () -- C:\Windows\8PpDHAfK3i
      [2011/01/02 20:01:30 | 000,000,028 | ---- | M] () -- C:\Windows\UouBhbn
      [2011/01/02 20:01:30 | 000,000,028 | ---- | M] () -- C:\Windows\bw8VjavCUR
      [2011/01/02 20:01:30 | 000,000,027 | ---- | M] () -- C:\Windows\fyPWpUc
      [2011/01/02 20:01:30 | 000,000,025 | ---- | M] () -- C:\Windows\78ErIXU
      [2011/01/02 20:01:28 | 000,000,047 | ---- | M] () -- C:\Windows\wMhwL
      [2011/01/02 20:01:28 | 000,000,045 | ---- | M] () -- C:\Windows\Tclwf
      [2011/01/02 20:01:28 | 000,000,045 | ---- | M] () -- C:\Windows\AqcTjYS4
      [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\Y6NxdTNG
      [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\N5hbL6aH
      [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\dUxpqMMDA
      [2011/01/02 20:01:28 | 000,000,044 | ---- | M] () -- C:\Windows\BliukY4HP
      [2011/01/02 20:01:28 | 000,000,043 | ---- | M] () -- C:\Windows\gy8PxTd2
      [2011/01/02 20:01:28 | 000,000,043 | ---- | M] () -- C:\Windows\3tDqVkUOoG
      [2011/01/02 20:01:28 | 000,000,041 | ---- | M] () -- C:\Windows\U5DiVlAr
      [2011/01/02 20:01:28 | 000,000,041 | ---- | M] () -- C:\Windows\iW1xkQGf
      [2011/01/02 20:01:28 | 000,000,040 | ---- | M] () -- C:\Windows\144jkRfYe5
      [2011/01/02 20:01:28 | 000,000,039 | ---- | M] () -- C:\Windows\K1288ihQ
      [2011/01/02 20:01:28 | 000,000,038 | ---- | M] () -- C:\Windows\JnGCQ
      [2011/01/02 20:01:28 | 000,000,037 | ---- | M] () -- C:\Windows\KKYECa7cX
      [2011/01/02 20:01:28 | 000,000,037 | ---- | M] () -- C:\Windows\6foPCe7qNo
      [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\pLjsPVkfn1
      [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\CCLOgpM
      [2011/01/02 20:01:28 | 000,000,035 | ---- | M] () -- C:\Windows\8AM1o
      [2011/01/02 20:01:28 | 000,000,034 | ---- | M] () -- C:\Windows\gNADHr
      [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\urWpo
      [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\JsIqItNQ
      [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\JGgYi
      [2011/01/02 20:01:28 | 000,000,032 | ---- | M] () -- C:\Windows\ekHFhX4c
      [2011/01/02 20:01:28 | 000,000,030 | ---- | M] () -- C:\Windows\oSIru3SWY
      [2011/01/02 20:01:28 | 000,000,029 | ---- | M] () -- C:\Windows\ObunXm6t
      [2011/01/02 20:01:28 | 000,000,028 | ---- | M] () -- C:\Windows\BhsWaf
      [2011/01/02 20:01:28 | 000,000,025 | ---- | M] () -- C:\Windows\vARUH
      [2011/01/02 20:01:28 | 000,000,024 | ---- | M] () -- C:\Windows\kc5EkqCghH
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  16. 2011/01/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     