InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : fake windows security page? |
|
Answer» Could you please delete ComboFix from your desktop. It's supposed to work with Vista. Let's try downloading it again.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.[/b]
Scan saved at 8:28:00 AM, on 6/6/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files (x86)\SGPSA\SearchAssistant.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Calorie Count Plus Toolbar - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Calorie Count Plus Toolbar - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\PROGRA~2\ccptb\ccptb.dll O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed LAUNCHER] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [iLike] C:\Program Files (x86)\iLike\1.2.16\ilikesidebar.exe /checkforupdate O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: CurseClientStartup.ccip O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12415 bytes Please go to VirSCAN.org FREE on-line scan service (If more than one file needs scanned they must be done separately and logs posted for each one) 1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page. Code: [Select]C:\Program Files\SGPSA\ie3sh.exe 2. At the upload site, click once inside the window next to Browse. 3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window. 4. Click on the Upload button. This will perform a scan across multiple different virus scanning engines. Your file will possibly be entered into a queue which normally takes less than a minute to clear. Important: Wait for all of the scanning engines to complete. 5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard. 6. Paste the contents of the Clipboard in your next reply. =========================== Did you try running ComboFix again? Open HijackThis and select Do a system scan only Place a check mark next to the following entries: (if there) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. Combofix takes me to a page for geek police asking me to register for forum use... and as before vira scan will not let me paste using control +V nor the old fashioned way of just right clicking to paste... BOTH instances are greyed out. I will do the hyjack thing again.Ok. Forget about ComboFix and try this: Download OTL to your desktop. * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. * When the window appears, underneath Output at the top change it to Minimal Output. * Check the boxes beside LOP Check and Purity Check. * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy and pate the contents of these files, one at a time, into your next reply. Note: You may need two or more posts to fit them all in.TL logfile created on: 6/6/2010 7:43:06 PM - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\christal\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.34 Gb Total Space | 175.17 Gb Free Space | 61.82% Space Free | Partition Type: NTFS Drive D: | 14.75 Gb Total Space | 7.97 Gb Free Space | 54.05% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRISTAL-PC Current User Name: christal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\christal\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\christal\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\STacSV64.exe (IDT, Inc.) SRV:64bit: - (lxdf_device) -- C:\Windows\SysNative\lxdfcoms.exe ( ) SRV:64bit: - (lxdfCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdfserv.exe () SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (lxdf_device) -- C:\Windows\SysWow64\lxdfcoms.exe ( ) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation) DRV:64bit: - (NETw4v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 81 51 63 B3 05 27 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018F2688-3B85-4961-9B20-8D80113AA792}" = lport=445 | protocol=6 | dir=in | app=system | "{02004DB0-A953-485D-9CB2-0CB6D9FB486E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{08643C05-553D-4F93-A8C3-BB5CE32F659F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{16D45D6E-1930-4950-B1A9-A84C82FC4377}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{199ED1AC-A398-4C60-B3F9-E84BC042F614}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1A93C711-5374-4108-B058-93E09BCB0148}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{1FB44374-74FF-4C52-AC1A-A84F0EA35DFB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2216986F-8490-4ACA-A930-D984947498EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2370027C-B2D9-4EEF-89E3-943FDF773FB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23DA0C2C-8687-4DF2-940C-72CE6378A66C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2607EC0B-F5CD-4791-BC93-574476980CF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2D202A91-807E-4856-BFC1-F6CD9BFAD113}" = lport=10244 | protocol=6 | dir=in | app=system | "{327C8253-C22F-47F5-AD0A-EB90F4F099C8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{359A734F-2BEB-4696-A1FE-23CE3F8E1890}" = lport=137 | protocol=17 | dir=in | app=system | "{36038A39-E85A-4C0F-9679-EFD21FF37123}" = lport=138 | protocol=17 | dir=in | app=system | "{36C87270-6BA9-49C4-851C-C7F2F77A1BD2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{401E6089-4DCD-4770-AB24-3B021BF416A3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4130BBF7-D67B-4F3E-B548-DE529EF971C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BED0BE5-68BF-44C9-8853-4C59E90EEA1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{51C77E64-4F38-489F-9495-6DE7B81BE094}" = lport=10244 | protocol=6 | dir=in | app=system | "{6B06D71A-BB1B-4284-B09E-1B7AC703F775}" = lport=139 | protocol=6 | dir=in | app=system | "{6DCC3E73-71C7-428A-A697-1F67CEE05533}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6F75A199-9237-4F63-9096-6635DCD56261}" = rport=10244 | protocol=6 | dir=out | app=system | "{7030D9DD-7810-4477-8B53-5F1DFD1B26F9}" = rport=138 | protocol=17 | dir=out | app=system | "{72E93761-5963-4D8C-9632-A333445FC9DA}" = lport=2869 | protocol=6 | dir=in | app=system | "{78C988E2-F1E4-4214-8C1D-2ACF0146D1D9}" = rport=445 | protocol=6 | dir=out | app=system | "{7F9DC1B5-DD32-48B5-A46E-87DC5433BDA4}" = rport=10244 | protocol=6 | dir=out | app=system | "{83907F7F-08E5-457F-9559-FE7569FDD4B2}" = lport=3390 | protocol=6 | dir=in | app=system | "{870D5452-50DA-4908-A7D2-62D7B4D69998}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C768901-0669-424E-AB5D-23091AF2B13A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [emailprotected],-28539 | "{8D28730A-5BE9-4826-BB5F-F44EDA4EDF9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{93A24FDB-447A-4661-8F2F-CAEEDDEF50F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98A4744D-114B-4DFD-88F5-47DAEE05F8CD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A6E1F317-9D42-4948-A361-7018F985D5B3}" = rport=139 | protocol=6 | dir=out | app=system | "{AEB723E4-8BBE-48D5-AF7A-5A45D75428CA}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager | "{B5A34DC5-A21E-402B-84B3-FFDF8E22D692}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D24330F8-9CA9-474F-B6AC-EF3C14882657}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D453BBDA-0A6D-4C92-81D1-D465B4D2B0A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D51CBD42-4267-435B-9614-3BBF17699780}" = rport=137 | protocol=17 | dir=out | app=system | "{DB128F4E-9443-4C5C-B537-EAAC24384C8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DFA6066D-C9C7-4C24-A410-C9F9F43B72B8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{E0A13B46-3B08-407E-A342-285EFAE082DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED1508CC-D2F5-46B0-AC49-9DB9DBB3D874}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager | "{F5EBE828-ED52-4AEE-B5E1-6976476C9C9D}" = lport=3390 | protocol=6 | dir=in | app=system | "{F70D102C-A3FC-4025-ABF8-EBD94639DD74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FA19479-159E-4F8B-A181-3AF1C7714F0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe | "{176928C1-0872-4E95-992D-009F1FDC81E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1D4698D0-D73D-4A06-868B-8505C3F7F1FC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{1E23F6D9-0ACE-4B63-A4F6-C321FF6F07B7}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe | "{20951D0C-45A2-406D-B069-970321D3C850}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "{3549372B-02EB-447B-A536-55D93C8A6516}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfjswx.exe | "{36F18110-25B7-4C25-9583-D017EBC7FD43}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{42458B3B-3F8F-4CF1-B6A2-E7C5D1E2C4A0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{4AF88C93-E78C-4791-A5C9-4FD1E08B10C3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | "{4DA7F2FC-D919-4994-8614-4452F8D188CF}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{5141C9EC-D5A2-4F48-AF4E-BDEF1FB6724D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe | "{57007F84-B333-4DAD-AF54-C289EFEC758E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{5CD7D776-3C94-4E86-8656-0E12877C0AF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{606031B5-2FA7-451E-AE12-693A14DE70A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{63C3240C-9C66-4B61-87B3-DED6DBFBCE50}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{749B947B-A023-473A-9640-E787C646A73E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe | "{74A17DE9-C954-464F-90A7-FC12161C3C22}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | "{79B9B7A3-E7CF-4812-800B-FFDCE078453D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7AD06813-D418-4B9A-AE16-4FA3B38975C2}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe | "{7C987659-0F92-4528-869F-915689FB8601}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | "{7F512E54-86F5-4CEE-AD1A-14B15C38AAF8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe | "{7F5987A1-410A-4CB1-BE98-2BB6FB449B55}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe | "{8137BF57-1B23-4372-9913-26605C1E4CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8287E80D-C9E5-4C3D-B135-8C5D24BEC809}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcfg.exe | "{8519AB2F-31B6-48E4-B247-A83BA37FEF35}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{8A822B07-A07C-4BF0-A94F-8A2FAF23C2C1}" = protocol=58 | dir=out | [emailprotected],-28546 | "{8AAC1F04-53E2-4D11-A608-A0DF321703CF}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{9C9884C0-BFD3-4F1D-91A8-506AC94AAA6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A5319875-9864-4290-B399-FB316B1AA4C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | "{A74F24AE-78EC-4972-A724-547207FFD681}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{AD8020EA-4AC7-4942-9317-533595AA5F2A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{AF635B43-6720-4FF8-BA8E-8A5E13346B20}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | "{B1E5B761-56FA-46A7-B15C-35CD71876993}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{B86DA11C-0BD0-4323-BE9C-9D9902DDCB37}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe | "{BBD8111B-3EF9-4D95-8EEC-66D491D6E385}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe | "{CE1EECA4-7EC3-4CC5-B12E-65266294C182}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfjswx.exe | "{D040D1B1-4BF4-4693-83B8-E72690DEFFDF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe | "{D3857ACA-9849-4D84-8702-4FD9A7004AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe | "{D4F85714-3825-48BE-9CC4-32D4D9E9375B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe | "{D86AB65E-3B3D-43B4-8039-89DF2886580B}" = protocol=1 | dir=in | [emailprotected],-28543 | "{D8F73BD4-F78E-403D-BD99-C6EAA2175EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{D8FBFD1B-27D8-4BF0-BA8D-F2FF8CDFB4CF}" = protocol=1 | dir=out | [emailprotected],-28544 | "{D93871D1-0EE4-4B57-A1BC-EC38C6AEBA74}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{E7D77EFB-1EE0-4BCF-B927-C00F98733934}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{EC8AF866-5C8F-49CE-9AFF-33CEB3947787}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcfg.exe | "{ECD049FA-CADF-4750-916A-131074685E95}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "{EE63EBC9-96CB-4F91-AADA-0C1CD4D2AD16}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | "{F0F66782-BC17-4B79-947C-031F429D7EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe | "{F7521E49-EE30-4886-A455-334F5B2DD901}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe | "{FBAFC9D9-6E09-4F04-A269-683B4AAA4C19}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{FC426CB0-5E4F-43F8-B2CF-05796EB02FD8}" = protocol=58 | dir=in | [emailprotected],-28545 | "{FD76F04C-B588-40AB-A4CA-98CA87909301}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "TCP Query User{0295F370-36ED-41F5-A59C-5DA507EA08FB}C:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe | "TCP Query User{04A80907-7DFD-4E5B-9CAD-7C1F6376524A}C:\users\christal\appdata\local\temp\blizzard launcher temporary - 070345d8\launcher.exe" = protocol=6 | dir=in | app=c:\users\christal\appdata\local\temp\blizzard launcher temporary - 070345d8\launcher.exe | "TCP Query User{2034B9D4-08A7-4DC6-BBF1-AEBEE7BE9A64}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{2B6F2197-F16D-46BA-807A-FB97F3F2438F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{3C7A2B0E-D0FF-4277-90B5-5B8CF2E760DC}C:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe | "TCP Query User{6ABBB54B-96DF-429B-AEA8-7DD09A5CE241}C:\users\christal\appdata\local\temp\blizzard launcher temporary - 127956f0\launcher.exe" = protocol=6 | dir=in | app=c:\users\christal\appdata\local\temp\blizzard launcher temporary - 127956f0\launcher.exe | "TCP Query User{AF813B86-CD0F-4D8B-9A13-B5742FE69A80}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{CB945C38-56AF-4EB8-9829-8F6EA6C17D80}C:\users\christal\desktop\ddi_cb.exe" = protocol=6 | dir=in | app=c:\users\christal\desktop\ddi_cb.exe | "TCP Query User{CC680EE5-990C-4DCF-A5C4-0E67DDC49D64}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{CF07B12E-8288-4794-9B39-6F1CF5F3AEE4}C:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe | "TCP Query User{D10AC1D1-415E-41E6-A9AE-408BDD859129}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{18E23A06-4688-4C10-8594-3E7A12ADBA3E}C:\users\christal\appdata\local\temp\blizzard launcher temporary - 127956f0\launcher.exe" = protocol=17 | dir=in | app=c:\users\christal\appdata\local\temp\blizzard launcher temporary - 127956f0\launcher.exe | "UDP Query User{2B62C20B-5D11-4F29-AE51-6BD59BD09CA0}C:\users\christal\appdata\local\temp\blizzard launcher temporary - 070345d8\launcher.exe" = protocol=17 | dir=in | app=c:\users\christal\appdata\local\temp\blizzard launcher temporary - 070345d8\launcher.exe | "UDP Query User{32DC9B8C-CC6D-41D2-B6C5-89F6009A0E1C}C:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe | "UDP Query User{51D54237-BACB-43F0-AB6E-06BD22EC48A3}C:\users\christal\desktop\ddi_cb.exe" = protocol=17 | dir=in | app=c:\users\christal\desktop\ddi_cb.exe | "UDP Query User{525A2B4C-B5E5-43C9-9404-82C07725ADA0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{896BCD68-F38C-425D-BA51-36AF8326DBF2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{9058C6A4-0FAF-4B28-A59A-A1B0C5C2CC15}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{97AD2B18-0520-4D47-9D6C-5364F954404C}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{C30C57AB-079E-4108-A0A8-BFF8DF2A8666}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{EE3A05DC-D794-4C40-8FA7-9B94815EFDDE}C:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firesky\stargate worlds\working\binaries\sgw.exe | "UDP Query User{F5D6CC3E-01FE-4CA9-B512-E94F07DFFA73}C:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5400 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Agere Systems Soft Modem" = Agere Systems HDA Modem "Lexmark 6500 Series" = Lexmark 6500 Series "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup PACKAGE (x64) "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1 "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "BookSmart® 2.6.0 2.6.0" = BookSmart® 2.6.0 2.6.0 "ccptb" = Calorie Count Plus Toolbar "Digital Editions" = Adobe Digital Editions "FMOD Designer" = FMOD Designer "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (2.0.0.3)" = Mozilla Firefox (2.0.0.3) "SystemRequirementsLab" = System Requirements Lab "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Mail" = Yahoo! Internet Mail "Yahoo! Mail Advisor" = Yahoo! Mail Advisor "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "NCsoft-Aion" = Aion ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/6/2010 5:38:52 PM | Computer Name = christal-PC | Source = WinMgmt | ID = 10 Description = Error - 6/6/2010 6:41:45 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = Error - 6/6/2010 6:41:45 PM | Computer Name = christal-PC | Source = Perflib | ID = 1010 Description = Error - 6/6/2010 6:41:45 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = Error - 6/6/2010 6:41:46 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = Error - 6/6/2010 6:41:47 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = Error - 6/6/2010 6:41:48 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = Error - 6/6/2010 6:41:49 PM | Computer Name = christal-PC | Source = Perflib | ID = 1005 Description = Error - 6/6/2010 6:41:49 PM | Computer Name = christal-PC | Source = Perflib | ID = 1018 Description = Error - 6/6/2010 6:41:50 PM | Computer Name = christal-PC | Source = Perflib | ID = 1008 Description = [ Media Center Events ] Error - 3/19/2010 11:18:21 PM | Computer Name = christal-PC | Source = McrMgr | ID = 107 Description = [ System Events ] Error - 6/6/2010 7:18:59 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:22:02 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:25:05 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:28:07 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:31:10 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:34:14 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:37:16 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:40:19 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:43:21 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 6/6/2010 7:46:23 PM | Computer Name = christal-PC | Source = WMPNetworkSvc | ID = 866333 Description = < End of report > OTL logfile created on: 6/6/2010 7:43:06 PM - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\christal\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.34 Gb Total Space | 175.17 Gb Free Space | 61.82% Space Free | Partition Type: NTFS Drive D: | 14.75 Gb Total Space | 7.97 Gb Free Space | 54.05% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRISTAL-PC Current User Name: christal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\christal\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\christal\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\STacSV64.exe (IDT, Inc.) SRV:64bit: - (lxdf_device) -- C:\Windows\SysNative\lxdfcoms.exe ( ) SRV:64bit: - (lxdfCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdfserv.exe () SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (lxdf_device) -- C:\Windows\SysWow64\lxdfcoms.exe ( ) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation) DRV:64bit: - (NETw4v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginen ame: "Fast Browser Search" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..browser.search.defaultEngine: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.defaultenginen ame: "Yahoo" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&type=&p=" FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/10/24 11:32:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/02 22:55:42 | 000,000,000 | ---D | M] [2009/12/13 11:45:31 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Mozilla\Firefox\Profiles\hdkuc1vc.default\extensions [2009/10/24 11:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christal\AppData\Roaming\Mozilla\Firefox\Profiles\hdkuc1vc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/08/18 06:53:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\christal\AppData\Roaming\Mozilla\Firefox\Profiles\hdkuc1vc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/05/31 09:50:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/05/31 09:50:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/10/24 11:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[emailprotected] [2009/10/24 11:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[emailprotected] [2009/10/24 11:32:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[emailprotected] [2009/08/18 17:26:26 | 002,619,266 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\1249345.dll [2007/03/12 05:01:33 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\jar50.dll [2007/03/12 05:01:34 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\jsd3250.dll [2007/03/12 05:01:36 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\myspell.dll [2007/03/12 05:01:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\spellchk.dll [2007/03/12 05:01:40 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\xpinstal.dll [2010/05/31 09:50:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2009/10/24 11:32:41 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.png [2009/10/24 11:32:40 | 000,001,963 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files (x86)\SGPSA\SearchAssistant.dll (Make The Web Better, LLC) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Calorie Count Plus Toolbar) - {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - C:\Program Files (x86)\ccptb\ccptb.dll ( ) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.) O4 - HKCU..\Run: [iLike] C:\Program Files (x86)\iLike\1.2.16\ilikesidebar.exe File not found O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\christal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12 O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\christal\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\christal\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/06 19:41:38 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\christal\Desktop\OTL.exe [2010/06/06 18:27:45 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/06/05 17:45:24 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010/06/02 22:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010/06/02 17:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/06/02 17:41:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\christal\Desktop\HijackThisInstaller.exe [2010/06/02 06:35:45 | 000,000,000 | ---D | C] -- C:\Users\christal\AppData\Roaming\SUPERAntiSpyware.com [2010/06/02 06:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/06/02 06:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE [2010/06/02 06:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/06/02 06:34:37 | 008,924,856 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\christal\Desktop\SUPERAntiSpyware.exe [2010/05/31 09:53:43 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\christal\Desktop\JavaRa.exe [2010/05/31 09:50:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/05/31 09:50:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/05/31 09:50:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/05/31 09:50:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/05/30 20:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010/05/30 20:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/05/28 18:44:29 | 000,000,000 | -HSD | C] -- C:\found.000 [2010/05/18 18:21:46 | 000,000,000 | ---D | C] -- C:\Users\christal\Documents\My Digital Editions [2010/05/09 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\christal\Documents\BookSmartData [2010/05/09 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\christal\.blurb [2010/05/09 20:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookSmart [2008/06/15 11:43:17 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfserv.dll [2008/06/15 11:43:17 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfusb1.dll [2008/06/15 11:43:17 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfpmui.dll [2008/06/15 11:43:17 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdflmpm.dll [2008/06/15 11:43:17 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfinpa.dll [2008/06/15 11:43:17 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfiesc.dll [2008/06/15 11:43:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfprox.dll [2008/06/15 11:43:15 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfhbn3.dll [2008/06/15 11:43:14 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomc.dll [2008/06/15 11:43:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomm.dll [135 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [135 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/06 19:43:13 | 002,359,296 | -HS- | M] () -- C:\Users\christal\ntuser.dat [2010/06/06 19:42:53 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6C0934CF-0A85-42F1-A2BE-C48A6A068357}.job [2010/06/06 19:41:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\christal\Desktop\OTL.exe [2010/06/06 19:38:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/06 19:38:20 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/06 18:30:52 | 000,000,828 | ---- | M] () -- C:\Users\christal\Desktop\World of Warcraft.lnk [2010/06/06 17:40:23 | 000,028,124 | ---- | M] () -- C:\Users\christal\AppData\Roaming\nvModes.001 [2010/06/06 17:38:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/06 17:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/05 22:03:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/06/05 22:03:29 | 000,524,288 | -HS- | M] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TMContainer00000000000000000001.regtrans-ms [2010/06/05 22:03:29 | 000,065,536 | -HS- | M] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TM.blf [2010/06/05 22:03:20 | 003,340,508 | -H-- | M] () -- C:\Users\christal\AppData\Local\IconCache.db [2010/06/05 17:41:42 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010/06/05 17:21:02 | 000,028,124 | ---- | M] () -- C:\Users\christal\AppData\Roaming\nvModes.dat [2010/06/04 23:00:15 | 001,208,320 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb [2010/06/04 23:00:15 | 000,686,080 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb [2010/06/02 22:38:54 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/02 18:40:29 | 000,000,104 | ---- | M] () -- C:\Users\christal\Desktop\Recycle Bin - Shortcut.lnk [2010/06/02 18:03:24 | 000,867,892 | ---- | M] () -- C:\Users\christal\Desktop\SecurityCheck.exe [2010/06/02 17:41:23 | 000,001,939 | ---- | M] () -- C:\Users\christal\Desktop\HijackThis.lnk [2010/06/02 17:41:06 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\christal\Desktop\HijackThisInstaller.exe [2010/06/02 06:35:40 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/06/02 06:34:46 | 008,924,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\christal\Desktop\SUPERAntiSpyware.exe [2010/05/31 09:50:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/05/31 09:50:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/05/31 09:50:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/05/31 09:50:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/05/30 21:36:04 | 000,000,736 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2010/05/30 21:35:48 | 000,000,736 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2010/05/30 20:18:57 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/05/28 21:58:45 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job [2010/05/28 18:31:50 | 000,524,288 | -HS- | M] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TMContainer00000000000000000002.regtrans-ms [2010/05/28 17:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\christal\ntuser.dat{8e8fd9bf-59fa-11df-b248-001dd9fcfe43}.TMContainer00000000000000000001.regtrans-ms [2010/05/28 17:00:38 | 000,065,536 | -HS- | M] () -- C:\Users\christal\ntuser.dat{8e8fd9bf-59fa-11df-b248-001dd9fcfe43}.TM.blf [2010/05/18 18:24:07 | 000,001,334 | ---- | M] () -- C:\Users\christal\Desktop\vegS 4 DUMB.acsm [2010/05/18 18:21:34 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk [2010/05/17 17:47:30 | 000,000,168 | ---- | M] () -- C:\Users\christal\AppData\Roaming\wklnhst.dat [2010/05/09 20:03:52 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\BookSmart.lnk [2010/05/07 23:02:19 | 000,524,288 | -HS- | M] () -- C:\Users\christal\ntuser.dat{8e8fd9bf-59fa-11df-b248-001dd9fcfe43}.TMContainer00000000000000000002.regtrans-ms [135 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [135 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/02 22:38:54 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/02 18:40:29 | 000,000,104 | ---- | C] () -- C:\Users\christal\Desktop\Recycle Bin - Shortcut.lnk [2010/06/02 18:03:21 | 000,867,892 | ---- | C] () -- C:\Users\christal\Desktop\SecurityCheck.exe [2010/06/02 17:41:23 | 000,001,939 | ---- | C] () -- C:\Users\christal\Desktop\HijackThis.lnk [2010/06/02 06:35:40 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/05/31 09:53:43 | 000,245,103 | ---- | C] () -- C:\Users\christal\Desktop\JavaRa.def [2010/05/30 20:18:57 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/05/28 17:05:23 | 000,524,288 | -HS- | C] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TMContainer00000000000000000002.regtrans-ms [2010/05/28 17:05:23 | 000,524,288 | -HS- | C] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TMContainer00000000000000000001.regtrans-ms [2010/05/28 17:05:23 | 000,065,536 | -HS- | C] () -- C:\Users\christal\ntuser.dat{0169a828-6a9b-11df-b100-c6f226c58229}.TM.blf [2010/05/18 18:22:56 | 000,001,334 | ---- | C] () -- C:\Users\christal\Desktop\vegS 4 DUMB.acsm [2010/05/18 18:21:34 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk [2010/05/09 20:03:52 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\BookSmart.lnk [2009/08/27 06:23:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/08/27 06:22:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/12/24 09:36:14 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008/12/24 09:36:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008/06/15 11:43:17 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdfcomx.dll [2008/06/15 11:43:17 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdfinst.dll [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2008/06/09 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Acreon [2010/04/13 06:58:17 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\ccptb [2009/08/26 07:08:21 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\GetRightToGo [2010/03/18 05:52:28 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\iLike [2008/06/30 06:49:31 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Lexmark Productivity Studio [2008/10/05 20:04:35 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\SampleView [2009/04/25 12:59:49 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Skinux [2008/06/30 06:48:01 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Template [2009/05/21 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\christal\AppData\Roaming\Windows Live Writer [2010/05/28 21:58:45 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job [2010/06/05 22:03:37 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/06/06 19:42:53 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6C0934CF-0A85-42F1-A2BE-C48A6A068357}.job ========== Purity Check ========== < End of report > Add or Remove Programs 1. Click on the Windows Start button and click on the Control Panel 2. In the Control Panel window, double-click Add or Remove Programs icon. In Vista, Programs and Features 3. When the Add or Remove Programs window has fully populated, check for Java(TM) 6 Update 4 Java(TM) 6 Update 5 Java(TM) 6 Update 7 SGPSA and uninstall them. ================================== I'd like us to scan your machine with ESET OnlineScan •Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button. •Accept any security warnings from your browser. •Check •Push the Start button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. Superdave.No threats were found using EST so they only left me with the option of pushing finish.That looks good. If there are no other issues, let's do some clean-up. Download OTC by OldTimer and save it to your desktop. 1. Double-click OTC to run it. 2. Click the CleanUp! button. 3. Select Yes when the "Begin cleanup Process?" prompt appears. 4. If you are prompted to Reboot during the cleanup, select Yes 5. OTC should delete itself once it finishes, if not delete it yourself. ================================ Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. =============================== Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall 1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one) 2) Online Armor 3) Agnitum Outpost 4) PC Tools Firewall Plus If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time. ================================ Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! OK, I have downloaded all you have suggested. What remains on my desktop? I have super antispyware Hyjack this TFC Eset is still installed malwarebytes microsoft security essentials spyware doctor pc tools firewall Wot security check spyware blaster Of the above which ones do I need to uninstall?Uninstall HJT, ESET, TFC, Security Check. You may keep SAS and MBAM, if you wish. Update them and run it on a regular basis. SpywareBlaster needs to be updated every so often. I usually do mine about once a month. All the rest are need and can stay. |
|