Hi,

I've been infected with Adware.Agent.BN.
Tried to remove it with Spyware Doctor, but it returns.

here is the HickjackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:50 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SogouInput\ImeUtil.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gigi\Desktop\hijackthis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\SSup.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live μ???°??ú3ìDò - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: DVA Gate - {DB9D1BB8-3615-48A6-BF50-5CB45AB28230} - C:\WINDOWS\gndarmblaor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: wxdbpfvo - {E1B2B64B-E123-4A7A-98D7-C51065DF3249} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows木马防火墙] C:\Documents and Settings\gigi\Desktop\rj07091004\112777_Windows???í??μà·ò 8[1].8é?í?±?±??ìé?×￠2á?ééy??°?\www.asp1.com.cn\ftcsetup\Trojanwall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O21 - SSODL: qadovnel - {9E95F92C-5707-4860-A38A-42ED99A719A1} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {4F5963B1-99E5-4CD0-80CE-9EDDE131ACB9} - C:\WINDOWS\bdkpfxqw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 11113 bytes








at the same time, I cant open any web with IE7







please help me step by step, Thanks

Hi, and Welcome to WhatTheTech

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

As I am still training, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.

jpshortstuff

thank u so much I'm waiting for ur help~~~

Hi

Please download SmitfraudFix (by S!Ri), saving to your desktop.
Extract the contents of SmitFraudFix.exe to your desktop.

Open the SmitFraudFix folder on your desktop and double-click SmitfraudFix.cmd.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Thanks.

result on SmitfraudFix
SmitFraudFix v2.319

Scan done at 22:04:55.56, 05/02/2008 Fri
Run from C:\Documents and Settings\gigi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

换换换换换换换换换换换换 Process


换换换换换换换换换换换换 hosts


换换换换换换换换换换换换 C:\


换换换换换换换换换换换换 C:\WINDOWS

C:\WINDOWS\qadovnel.dll FOUND !
C:\WINDOWS\spwoqbmv.exe FOUND !
C:\WINDOWS\xbaqktfv.exe FOUND !

换换换换换换换换换换换换 C:\WINDOWS\system


换换换换换换换换换换换换 C:\WINDOWS\Web


换换换换换换换换换换换换 C:\WINDOWS\system32


换换换换换换换换换换换换 C:\WINDOWS\system32\LogFiles


换换换换换换换换换换换换 C:\Documents and Settings\gigi


换换换换换换换换换换换换 C:\Documents and Settings\gigi\Application Data


换换换换换换换换换换换换 Start Menu


换换换换换换换换换换换换


换换换换换换换换换换换换 Desktop


换换换换换换换换换换换换 C:\Program Files


换换换换换换换换换换换换 Corrupted keys


换换换换换换换换换换换换 Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

换换换换换换换换换换换换 IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: gndarmblaor.dll
BHO: DVA Gate - {DB9D1BB8-3615-48A6-BF50-5CB45AB28230}
TypeLib: {40CA3D09-9ABB-4038-967E-7B2933168902}
Interface: {4E493E24-27F2-4749-8F73-5E775A238EE3}
Interface: {F4626DC1-0AF5-433A-A016-9B9C35D5D405}

[!] Suspicious: wxdbpfvo.dll
Toolbar: wxdbpfvo - {E1B2B64B-E123-4A7A-98D7-C51065DF3249}
TypeLib: {2D61E3DA-5106-489B-8282-A28F1197CDD6}
Interface: {480B1A9B-6AC6-43D9-A6EF-4A9410F74426}
Classe: wxdbpfvo.btbv
Classe: wxdbpfvo.ToolBar.1

[!] Suspicious: qadovnel.dll
SSODL: qadovnel - {9E95F92C-5707-4860-A38A-42ED99A719A1}

[!] Suspicious: bdkpfxqw.dll
SSODL: bdkpfxqw - {4F5963B1-99E5-4CD0-80CE-9EDDE131ACB9}


换换换换换换换换换换换换 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


换换换换换换换换换换换换 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


换换换换换换换换换换换换 Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


换换换换换换换换换换换换 Rustock



换换换换换换换换换换换换 DNS



换换换换换换换换换换换换 Scanning for wininet.dll infection


换换换换换换换换换换换换 End




result on dss

extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 3069.97 MiB / 2270.57 MiB
Pagefile Memory (total/avail): 5978.61 MiB / 5169.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903 MiB

C: is Fixed (NTFS) - 109.21 GiB total, 59.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1246GSX - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 (bootable) - Installable File System - 109.21 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe"="C:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe:*:Enabled:超级旋风"
"C:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe"="C:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module"
"C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe:*:Enabled:Flashget2"
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"="C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"
"C:\\Program Files\\Tencent\\QQ\\QZone\\Qzone.exe"="C:\\Program Files\\Tencent\\QQ\\QZone\\Qzone.exe:*:Enabled:QzoneClient1.3Beta04 V01.3.104.021"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\StormII\\Storm.exe"="C:\\Program Files\\StormII\\Storm.exe:*:Enabled:暴风影音"
"C:\\Program Files\\StormII\\stormliv.exe"="C:\\Program Files\\StormII\\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe:*:Enabled:Kingsoft PowerWord Online Update"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gigi\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DGY0LZF1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gigi
LOGONSERVER=\\DGY0LZF1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\StormII\Codec;C:\Program Files\StormII
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\gigi\LOCALS~1\Temp
TMP=C:\DOCUME~1\gigi\LOCALS~1\Temp
USERDOMAIN=DGY0LZF1
USERNAME=gigi
USERPROFILE=C:\Documents and Settings\gigi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gigi (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\SETUP.EXE" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Automated PC TuneUp --> MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
eMule VeryCD版 --> C:\Program Files\eMule\uninstall.exe
Encyclopaedia Britannica 2008 Ultimate Reference Suite --> "C:\Program Files\Britannica 8.0\Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall_Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall Encyclopaedia Britannica 2008 Ultimate Reference Suite.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\gigi\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Math --> MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Student 2007 for Learning Essentials --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Student with Encarta Premium 2008 --> MsiExec.exe /I{08041881-FCA5-44A7-B863-D66037A16AAF}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mouse Suite for Laptop Computers --> C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0b5) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Powerword 2007 --> "C:\Program Files\Kingsoft\Powerword 2007\unins000.exe"
QQ2007II 正式版 --> C:\Program Files\Tencent\QQ\uninst.exe
QQ游戏 --> C:\Program Files\Tencent\QQGame\Uninstall.EXE
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype? 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sogou Chinese Input 3.2 (3.2.0.0605) --> "C:\Program Files\SogouInput\Uninstall.exe"
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SOSO AddressBar Search --> Rundll32.exe C:\WINDOWS\system32\Scrax.dll,Uninstall
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Versal FileDownload ActiveX Control Trial Version --> C:\Program Files\Universal\UFileDownloadD\USetup.exe
Windows Live installer --> MsiExec.exe /X{75F9C7CC-1EF0-4E03-BCD5-DF715CD7AFD1}
Windows Live Messenger --> MsiExec.exe /X{3DD5CE10-6673-499D-8FC0-66C953121B1D}
Windows Live 登录助手 --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe
快车(FlashGet)2-正式版 --> C:\Program Files\FlashGet Network\Flashget\uninst.exe
暴风影音 --> C:\Program Files\StormII\uninst.exe
超级旋风 1.8.195.202 --> C:\Program Files\Tencent\QQDownload\uninst.exe
飞速土豆 1.10 --> C:\Program Files\Tudou\飞速Tudou\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1642 / Error
Event Submitted/Written: 05/01/2008 10:36:35 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office PowerPoint Viewer 2007 (English) -- Error 1706. An installation package for the product Microsoft Office PowerPoint Viewer 2007 (English) cannot be found. Try the installation again using a valid copy of the installation package 'ppviewer.msi'.

Event Record #/Type1641 / Warning
Event Submitted/Written: 05/01/2008 10:36:28 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{95120000-00AF-0409-0000-0000000FF1CE}', feature 'PPTViewerWebDownloadFiles' failed during request for component '{FB8E9B43-0B6F-4159-91D6-E6CF414A4E03}'

Event Record #/Type1640 / Warning
Event Submitted/Written: 05/01/2008 10:36:28 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{95120000-00AF-0409-0000-0000000FF1CE}', feature 'PPTViewerWebDownloadFiles', component '{32497290-AB4C-48D2-A95D-E82C68DA659E}' failed. The resource 'C:\Program Files\Microsoft Office\Office12\INTLDATE.DLL' does not exist.

Event Record #/Type1603 / Error
Event Submitted/Written: 04/30/2008 03:44:25 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
发现威胁！威胁： Trojan Horse 位于文件: C:\Documents and Settings\gigi\Desktop\Spyware.Doctor\keygen.exe 由: 自动防护 扫描。操作: 隔离 成功 : 拒绝访问。操作说明: 已成功地隔离了文件。

Event Record #/Type1586 / Success
Event Submitted/Written: 04/30/2008 08:19:28 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4867 / Error
Event Submitted/Written: 05/02/2008 08:15:44 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type4822 / Error
Event Submitted/Written: 05/02/2008 02:19:01 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Event Record #/Type4821 / Error
Event Submitted/Written: 05/02/2008 02:19:01 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Event Record #/Type4820 / Error
Event Submitted/Written: 05/02/2008 02:19:01 PM
Event ID/Source: 61 / SideBySide
Event Description:
Syntax error in manifest or policy file "assemblyIdentity1" on line assemblyIdentity2.
The required attribute version is missing from element assemblyIdentity.

Event Record #/Type4819 / Error
Event Submitted/Written: 05/02/2008 02:19:00 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.



-- End of Deckard's System Scanner: finished at 2008-05-02 21:47:17 ------------




main
Deckard's System Scanner v20071014.68
Run by gigi on 2008-05-02 21:49:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as gigi.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:19 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Kingsoft\Powerword 2007\xdict.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\gigi\Desktop\dss.exe
C:\DOCUME~1\gigi\Desktop\gigi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\SSup.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live μ???°??ú3ìDò - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: DVA Gate - {DB9D1BB8-3615-48A6-BF50-5CB45AB28230} - C:\WINDOWS\gndarmblaor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: wxdbpfvo - {E1B2B64B-E123-4A7A-98D7-C51065DF3249} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows木马防火墙] C:\Documents and Settings\gigi\Desktop\rj07091004\112777_Windows???í??μà·ò 8[1].8é?í?±?±??ìé?×￠2á?ééy??°?\www.asp1.com.cn\ftcsetup\Trojanwall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KuGoo3] C:\PROGRA~1\KUGOO2~1\KuGoo.exe
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: qadovnel - {9E95F92C-5707-4860-A38A-42ED99A719A1} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {4F5963B1-99E5-4CD0-80CE-9EDDE131ACB9} - C:\WINDOWS\bdkpfxqw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 11548 bytes

-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-06-28 15:22:45 0 d-------- C:\Program Files\Enigma Software Group
2008-06-28 14:26:57 0 d-------- C:\Documents and Settings\gigi\Application Data\TrojanHunter
2008-06-28 12:56:50 0 d-------- C:\Program Files\Iparmor
2008-06-28 12:55:00 0 d-------- C:\Documents and Settings\gigi\update
2008-06-28 12:44:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-28 12:31:00 0 d-------- C:\Documents and Settings\gigi\Application Data\TmpRecentIcons
2008-06-28 11:47:10 0 d-------- C:\WINDOWS\empty
2008-06-28 10:52:25 94208 --a------ C:\WINDOWS\xbaqktfv.exe
2008-06-28 10:52:25 151552 --a------ C:\WINDOWS\wxdbpfvo.dll
2008-06-28 10:52:25 81920 --a------ C:\WINDOWS\spwoqbmv.exe
2008-06-28 10:52:25 167936 --a------ C:\WINDOWS\qadovnel.dll
2008-06-28 10:52:25 217088 --a------ C:\WINDOWS\gndarmblaor.dll
2008-06-28 10:52:25 212992 --a------ C:\WINDOWS\bdkpfxqw.dll
2008-06-27 20:07:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-27 17:24:10 0 d-------- C:\Documents and Settings\gigi\Application Data\Reallusion
2008-06-27 17:24:09 0 d-------- C:\Documents and Settings\gigi\Application Data\tmp
2008-05-02 21:34:58 4924 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-02 21:34:33 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 21:34:33 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-02 21:34:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-02 21:34:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-02 21:34:33 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-02 21:34:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-02 21:34:33 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-02 21:34:32 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-02 20:29:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 20:29:54 0 d-------- C:\Documents and Settings\gigi\Application Data\skypePM
2008-05-02 20:25:38 0 d-------- C:\Documents and Settings\gigi\Application Data\Skype
2008-05-02 20:25:17 0 d-------- C:\Program Files\Skype
2008-05-02 20:25:17 0 d-------- C:\Program Files\Common Files\Skype
2008-05-02 20:25:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-02 14:29:01 0 d-------- C:\KuGoo
2008-05-02 14:26:28 6096 --a------ C:\WINDOWS\LoginUsers.dat
2008-05-01 22:03:01 0 d-------- C:\Program Files\Universal
2008-04-30 16:07:25 0 d-------- C:\Program Files\Spyware Doctor
2008-04-30 16:07:25 0 d-------- C:\Documents and Settings\gigi\Application Data\PC Tools
2008-04-29 12:18:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-29 12:18:05 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-28 22:41:34 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-04-28 21:15:51 0 d-------- C:\WINDOWS\pss
2008-04-28 19:23:09 0 d-------- C:\Documents and Settings\gigi\Application Data\Grisoft
2008-04-28 19:22:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 19:18:58 0 d-------- C:\Documents and Settings\gigi\Application Data\MxBoost
2008-04-28 19:18:41 0 d-------- C:\Program Files\Maxthon2
2008-04-26 23:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-26 23:04:05 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-26 11:55:13 0 d-------- C:\Program Files\Microsoft Student
2008-04-26 11:54:36 0 d-------- C:\Program Files\Learning Essentials
2008-04-26 11:08:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 11:07:14 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 10:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-24 23:09:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-24 22:48:38 0 d-------- C:\Documents and Settings\gigi\Application Data\Apple Computer
2008-04-24 22:39:35 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-24 21:58:04 0 d-------- C:\Documents and Settings\gigi\Application Data\Mozilla
2008-04-24 21:49:55 0 d-------- C:\Program Files\QuickTime
2008-04-24 21:49:38 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 21:49:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-24 21:40:37 0 d--h----- C:\Program Files\Zero G Registry
2008-04-24 21:40:37 0 d-------- C:\Program Files\Britannica 8.0
2008-04-24 21:38:45 0 d--h----- C:\Documents and Settings\gigi\InstallAnywhere
2008-04-24 12:41:31 0 d-------- C:\Program Files\Tudou
2008-04-22 20:31:50 41984 --a------ C:\WINDOWS\system32\drivers\AdProt.sys <Not Verified; 腾讯科技（深圳）有限公司; >
2008-04-22 14:24:02 0 d-------- C:\Program Files\EPSON
2008-04-22 08:25:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-20 21:12:33 12720 --a------ C:\WINDOWS\system32\drivers\prfnifp.sys
2008-04-19 10:46:28 7904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2008-04-19 10:46:28 1464 --a------ C:\WINDOWS\system32\BDGuard.DAT
2008-04-18 22:51:44 0 d-------- C:\Program Files\eREAD
2008-04-18 22:27:11 0 d-------- C:\Program Files\MSXML 4.0
2008-04-18 20:26:47 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-18 12:39:27 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-18 12:39:24 0 d-------- C:\Documents and Settings\gigi\Application Data\DAEMON Tools
2008-04-18 09:31:22 0 d-------- C:\WINDOWS\system32\Redist
2008-04-18 09:31:21 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-18 09:31:21 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-18 09:31:11 1712128 --a------ C:\WINDOWS\system32\GdiPlus.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-18 09:30:53 0 d-------- C:\Program Files\Common Files\Kingsoft
2008-04-17 20:40:28 0 d-------- C:\Documents and Settings\gigi\Application Data\Real
2008-04-15 20:47:33 0 d-------- C:\Program Files\Common Files\Real
2008-04-15 20:46:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-04-15 20:46:55 0 d-------- C:\Documents and Settings\gigi\Application Data\Application Data
2008-04-15 20:46:36 0 d-------- C:\Program Files\StormII
2008-04-15 20:37:14 0 d-------- C:\Program Files\eMule
2008-04-13 09:28:01 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 21:54:50 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-12 21:54:50 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-12 21:54:50 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-12 21:54:50 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-12 21:54:49 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-12 21:54:47 0 d-------- C:\Documents and Settings\gigi\Application Data\Simply Super Software
2008-04-11 22:21:41 0 d-------- C:\WINDOWS\Sun
2008-04-11 22:21:41 0 d-------- C:\Documents and Settings\gigi\Application Data\Sun
2008-04-11 21:39:13 0 d-------- C:\Documents and Settings\gigi\Application Data\DataSafeOnline
2008-04-10 20:10:42 274800 --ahs---- C:\WINDOWS\system32\FffgPXbc.ini2
2008-04-08 22:02:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-07 07:38:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 08:39:41 0 d-------- C:\Downloads
2008-04-05 08:39:24 0 d-------- C:\Documents and Settings\gigi\Application Data\BITS
2008-04-05 08:38:47 0 d-------- C:\Program Files\FlashGet Network
2008-04-05 08:37:37 0 d-------- C:\QQDownload
2008-04-05 08:26:17 0 d-------- C:\Program Files\Symantec
2008-04-05 08:26:13 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-05 08:26:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 08:26:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 08:19:13 0 d-------- C:\Documents and Settings\gigi\Application Data\Kingsoft
2008-04-05 08:18:20 0 d-------- C:\Program Files\Kingsoft
2008-04-05 07:59:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SogouPY
2008-04-05 07:59:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SogouPY.users
2008-04-04 22:45:06 0 d-------- C:\Documents and Settings\gigi\Application Data\QQUpdate
2008-04-04 22:38:54 0 d-------- C:\Documents and Settings\gigi\Application Data\QQDoctor
2008-04-04 22:38:05 0 d-------- C:\Documents and Settings\gigi\Application Data\QQ
2008-04-04 22:38:03 0 d-------- C:\Documents and Settings\gigi\Application Data\Tencent
2008-04-04 22:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\SogouPY
2008-04-04 22:32:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\SogouPY.users
2008-04-04 22:13:56 147456 --a------ C:\WINDOWS\system32\Scrax.dll <Not Verified; Tencent; >
2008-04-04 22:13:28 0 d-------- C:\WINDOWS\system32\qqedit
2008-04-04 22:13:22 0 d-------- C:\Program Files\Tencent
2008-04-04 22:13:08 0 d-------- C:\Program Files\SogouInput
2008-04-04 22:13:08 0 d-------- C:\Documents and Settings\gigi\Application Data\SogouPY.users
2008-04-04 22:12:53 0 d-------- C:\Documents and Settings\gigi\Application Data\SogouPY
2008-04-04 21:45:07 0 d-------- C:\Documents and Settings\gigi\Contacts
2008-04-04 21:27:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 21:26:58 0 d-------- C:\Program Files\Windows Live
2008-04-04 21:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:57:54 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-02 17:28:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-02 16:26:23 0 d-------- C:\Documents and Settings\gigi\Application Data\Macromedia
2008-04-02 16:13:51 0 d-------- C:\Documents and Settings\gigi\Application Data\MSNInstaller


-- Find3M Report ---------------------------------------------------------------

2008-06-28 15:17:06 51528 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-28 13:03:31 0 d-------- C:\Program Files\Google
2008-06-28 13:03:31 0 d-------- C:\Program Files\Creative
2008-06-28 12:48:28 0 d--h----- C:\Program Files�