Jump to content

Build Theme!
  •  
  • Infected?

Welcome Guest to What the Tech - Register now for FREE

We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

Create an Account Login to Account


Photo

[Resolved]áComputer calling me a loser ><;;


  • This topic is locked This topic is locked
31 replies to this topic

#1 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 October 2009 - 07:03 PM

So for about the past 2-3 weeks...very randomly my computer calls me a loser..and its only when I'm listening to music or watching a video and I am the only one in the room..hah...And also recently a windows box comes up and says that "windows explorer is not working"...so i press the restart button. It just makes my screen blink and everything is still there, but after that, my "My documents" window comes up too.

I ran the scan, and this is what I got:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:17 PM, on 10/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTHINK\iThink.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
O2 - BHO: BabyMaker Toolbar - {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} - C:\Program Files (x86)\BabyMaker\tbBaby.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: VDict toolbar - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\PROGRA~2\VDICTT~1\vdict.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTHINK] "C:\Program Files (x86)\iTHINK\iThink.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax",DllRegisterServer
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v3] "C:\Program Files (x86)\DivX\DivX Codec\X64\NSIS.Library.RegTool.v3.{2D2F560C-D0AC-42D8-8520-BC43F620991E}.exe" /S
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - https://secwebclinic...ugin/aosmgr.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com...eetnoagent7.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.haw...Script/smsx.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.n...MusicPlayer.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgre...eensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.h...ads/sysinfo.cab
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} (nPCom2 Control) - http://update.nprote...n/npstarter.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} (PrunaDownloadControl Control) - http://download.prun...loadControl.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net...cab?ver=2,0,0,5
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1034.cab
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com...lWebInstall.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://player.muz.co...03/p3Instal.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...pusan/npkcx.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://poipubeach.se...activex/AMC.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19864 bytes


And this is my startup list

StartupList report, 10/28/2009, 2:42:40 PM
StartupList version: 1.52.2
Started from : C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v8.00 (8.00.6001.18828)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTHINK\iThink.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DVDAgent = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
TSMAgent = "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
CLMLServer for HP TouchSmart = "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
TVAgent = "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
UpdateLBPShortCut = "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
UpdatePSTShortCut = "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
QlbCtrl.exe = "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
UpdateP2GoShortCut = "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
UpdatePDIRShortCut = "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
SunJavaUpdateSched = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
hpWirelessAssistant = C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
iTHINK = "C:\Program Files (x86)\iTHINK\iThink.exe"
ShStatEXE = "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
(Default) =
AT&T Communication Manager = "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
PC Alarm Clock = "C:\Program Files (x86)\PC Alarm Clock\pcalarmclock.exe"
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
UCam_Menu = "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
HP Health Check Scheduler = c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

B Register C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax = "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax",DllRegisterServer
NSIS.Library.RegTool.v3 = "C:\Program Files (x86)\DivX\DivX Codec\X64\NSIS.Library.RegTool.v3.{2D2F560C-D0AC-42D8-8520-BC43F620991E}.exe" /S

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
ehTray.exe = C:\Windows\ehome\ehTray.exe
Messenger (Yahoo!) = "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Aim6 =
DAEMON Tools Pro Agent = "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
myQuickFind = c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe
VeohPlugin = "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
AdobeUpdater6 = "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\MONKEY~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
(no name) - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll - {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
(no name) - C:\Program Files (x86)\free-downloads.net\tbfree.dll - {ecdee021-0d17-467f-a1ff-c7a115230949}
(no name) - C:\Program Files (x86)\BabyMaker\tbBaby.dll - {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HPCeeScheduleForChae Eun.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files (x86)\QuickTime\QTPlugin.ocx
CODEBASE = http://appldnld.appl...ex/qtplugin.cab

[{063F7D71-5E0B-48F2-87D5-F63C5917947E}]
CODEBASE = https://secwebclinic...ugin/aosmgr.cab

[Street Technologies ActiveX Control Object]
InProcServer32 = C:\Windows\Downloaded Program Files\iestm32.dll
CODEBASE = http://www2.stlu.com...eetnoagent7.cab

[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\Windows\Downloaded Program Files\PhotoUploader5.ocx
CODEBASE = http://upload.facebo...toUploader5.cab

[SpinTop DRM Control]
InProcServer32 = C:\Windows\DOWNLO~1\CONFLICT.1\stg_drm.ocx
CODEBASE = file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx

[MeadCo ScriptX]
InProcServer32 = C:\Windows\SysWow64\MCScripX.dll
CODEBASE = https://www.star.haw...Script/smsx.cab
OSD = C:\Windows\Downloaded Program Files\smsx.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\SysWow64\Adobe\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\Windows\SysWow64\LegitCheckControl.DLL
CODEBASE = http://download.micr...heckControl.cab

[myDancerCTL Class]
InProcServer32 = C:\Windows\Downloaded Program Files\myDancer1020.dll
CODEBASE = http://web.spaceillu...yDancer1020.cab

[S2PlayerPan Class]
InProcServer32 = C:\Windows\Downloaded Program Files\S2MusicPlayer.dll
CODEBASE = http://listen.daum.n...MusicPlayer.dll

[Snapfish Activia]
InProcServer32 = C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://photo2.walgre...eensActivia.cab

[DLM Control]
InProcServer32 = C:\Windows\DOWNLO~1\DOWNLO~1.OCX
CODEBASE = http://dlm.tools.aka...vex-2.2.4.1.cab

[MySpace Uploader Control]
InProcServer32 = C:\Windows\Downloaded Program Files\MySpaceUploader.ocx
CODEBASE = http://lads.myspace....ploader1006.cab

[SysData Class]
InProcServer32 = C:\Windows\DOWNLO~1\SysInfo.dll
CODEBASE = https://wimpro.cce.h...ads/sysinfo.cab

[nPCom2 Control]
InProcServer32 = C:\Windows\SysWow64\NPSTAR~1.OCX
CODEBASE = http://update.nprote...n/npstarter.cab

[CSEQueryObject Object]
InProcServer32 = C:\Windows\Downloaded Program Files\SearchEngineQuery.dll
CODEBASE = http://www.myheritag...EngineQuery.dll

[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://download.divx...owserPlugin.cab

[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
CODEBASE = http://upload.facebo...oUploader55.cab

[PrunaDownloadControl Control]
InProcServer32 = C:\Windows\SysWow64\PRUNAD~1.OCX
CODEBASE = http://download.prun...loadControl.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...r/ultrashim.cab

[Daum ActiveX manager Class]
InProcServer32 = C:\Windows\SysWow64\DaumActiveX.dll
CODEBASE = http://mail.daum.net...cab?ver=2,0,0,5

[SiUpdaterCtrl Class]
InProcServer32 = C:\Windows\Downloaded Program Files\iDanceUpdater1034.dll
CODEBASE = http://web.spaceillu...Updater1034.cab

[MOPlayerWnd2 Class]
InProcServer32 = C:\Windows\SysWow64\MelonWebPlayer.dll
CODEBASE = http://www.melon.com...lWebInstall.cab

[ArmHelper Control]
InProcServer32 = ./Images/armhelper.ocx
CODEBASE = file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx

[PcubeSet Class]
InProcServer32 = C:\Windows\p3instl1.dll
CODEBASE = http://player.muz.co...03/p3Instal.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[NPKCX Control]
InProcServer32 = C:\Windows\SysWow64\npkcx.ocx
CODEBASE = http://update.nprote...pusan/npkcx.cab

[AxisMediaControlEmb Class]
InProcServer32 = C:\Program Files (x86)\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll
CODEBASE = http://poipubeach.se...activex/AMC.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\SysWOW64\webcheck.dll

--------------------------------------------------
End of report, 13,976 bytes
Report generated in 0.203 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only







Please and thankyou^O^
Help me please

Advertisement

    Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 29 October 2009 - 06:27 AM

Hi,

Please do the following:

  • Please download OTL from HERE
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#3 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 29 October 2009 - 10:53 AM

Its scanning now, and I'll paste it when I get out of class in 5 hours ^O^

NVM...Here you go:

OTL logfile created on: 10/29/2009 6:51:21 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Chae Eun\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 31.79% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 82.66 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.69% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAEEUN-PC
Current User Name: Chae Eun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
PRC - [2009/10/12 18:03:52 | 17,507,000 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2009/10/05 14:14:22 | 02,075,384 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/18 19:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2009/05/11 16:45:30 | 00,202,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/02/20 08:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/02/06 12:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/01/27 17:30:20 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/11/06 07:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/26 00:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 16:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 16:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/01 13:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/06/10 01:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 01:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/15 11:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/04/11 06:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/01/20 16:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/25 04:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 04:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/26 04:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2007/05/08 13:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/03 20:43:18 | 00,239,104 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV [Auto | Running])
SRV:64bit: - [2009/03/02 18:42:58 | 00,089,600 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV:64bit: - [2008/12/10 08:04:58 | 00,935,424 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV:64bit: - [2008/03/18 14:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV:64bit: - [2008/01/20 16:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV:64bit: - [2008/01/20 16:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2007/12/11 10:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/16 13:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/02/19 17:22:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/01/27 20:50:00 | 00,154,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield [Auto | Running])
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/11/20 09:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/11/03 19:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/07/27 08:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 08:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/06/19 15:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 15:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/03/06 10:10:52 | 00,106,496 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc [On_Demand | Stopped])
SRV - [2008/03/06 10:09:50 | 00,118,784 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/05/31 04:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2007/05/31 04:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2007/01/02 05:35:24 | 00,074,656 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/02 05:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 03:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/01 20:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/01 20:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Running])
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/22 00:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/06/24 03:28:32 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/06/03 20:43:18 | 00,486,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV:64bit: - [2009/05/25 06:51:00 | 00,207,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2009/05/23 05:09:38 | 00,029,704 | ---- | M] () -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
DRV:64bit: - [2009/01/27 20:50:00 | 00,259,656 | ---- | M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,094,280 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,081,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,067,272 | ---- | M] () -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV:64bit: - [2008/12/10 09:31:26 | 04,993,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2008/11/21 22:05:22 | 01,253,376 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV:64bit: - [2008/10/23 02:16:34 | 01,526,776 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV:64bit: - [2008/10/16 23:00:00 | 00,179,768 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt [On_Demand | Stopped])
DRV:64bit: - [2008/10/16 23:00:00 | 00,106,040 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr [On_Demand | Stopped])
DRV:64bit: - [2008/07/20 23:53:04 | 00,145,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV:64bit: - [2008/06/27 01:51:10 | 00,088,632 | ---- | M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
DRV:64bit: - [2008/05/28 12:54:18 | 00,026,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand | Running])
DRV:64bit: - [2008/04/27 22:25:06 | 00,016,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV:64bit: - [2008/03/30 23:36:18 | 00,195,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV:64bit: - [2008/03/27 10:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV:64bit: - [2008/03/27 10:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV:64bit: - [2008/03/06 09:57:32 | 00,042,784 | ---- | M] () -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/24 02:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:49:47 | 00,011,264 | ---- | M] () -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:52 | 00,019,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2007/06/27 03:47:14 | 00,089,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swumx56.sys -- (SWUMX56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/27 03:46:24 | 00,114,688 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys -- (SWNC8U56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/18 14:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV:64bit: - [2007/01/18 09:10:22 | 00,030,336 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort [On_Demand | Running])
DRV:64bit: - [2006/11/01 19:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2006/10/03 15:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2009/01/27 20:50:00 | 00,038,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk [System | Stopped])
DRV - [2008/09/26 00:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
DRV - [2006/09/18 11:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2006/09/18 11:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2005/02/01 09:55:40 | 00,021,442 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files (x86)\Gravity\RO\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
MOD - [2008/01/20 16:50:45 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrtip.dll
MOD - [2008/01/20 16:49:57 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imjkapi.dll
MOD - [2008/01/20 16:49:46 | 00,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imetip.dll
MOD - [2008/01/20 16:49:02 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrapi.dll
MOD - [2008/01/20 16:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008/01/20 16:47:36 | 00,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\IME\SpTip.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 21:01:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/20 21:35:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/27 23:02:26 | 00,000,000 | ---D | M]

[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions
[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/07 10:27:03 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/10/28 21:08:22 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions
[2009/07/12 19:34:28 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/09 14:47:15 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/28 21:08:22 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2009/05/09 06:34:41 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/24 18:27:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/18 09:25:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/18 09:25:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/18 09:25:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/09/25 06:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/09/25 06:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 12:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/18 09:25:26 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2007/04/16 07:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/09/25 06:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/04/08 19:51:14 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/08 19:51:14 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/08 19:51:14 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/08 19:51:14 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/08 19:51:14 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/08 19:51:14 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 08:35:18 | 00,000,787 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKLM\..\Toolbar: (VDict toolbar) - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\Program Files (x86)\VDict toolbar\vdict.dll (Kamejoko Network)
O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [AdobeUpdater6] C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [NSIS.Library.RegTool.v3] C:\Program Files (x86)\DivX\DivX Codec\X64\NSIS.Library.RegTool.v3.{2D2F560C-D0AC-42D8-8520-BC43F620991E}.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://secwebclinic...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.star.haw...Script/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} http://web.spaceillu...yDancer1020.cab (myDancerCTL Class)
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} http://listen.daum.n...MusicPlayer.dll (S2PlayerPan Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprote...n/npstarter.cab (nPCom2 Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} http://download.prun...loadControl.cab (PrunaDownloadControl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} http://web.spaceillu...Updater1034.cab (SiUpdaterCtrl Class)
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com...lWebInstall.cab (MOPlayerWnd2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://player.muz.co...03/p3Instal.cab (PcubeSet Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...pusan/npkcx.cab (NPKCX Control)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://poipubeach.se...activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.171.3.13 128.171.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\AutoRun\command - "" = F:\squdq.com -- File not found
O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\open\Command - "" = F:\squdq.com -- File not found
O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell - "" = AutoRun
O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell - "" = AutoRun
O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/28 21:08:20 | 00,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2009/10/28 21:08:54 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\ooVoo Details
[2009/10/18 18:50:49 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Local\AIM
[2009/10/22 20:01:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2009/10/13 19:47:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2009/10/10 10:07:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/28 21:07:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2009/10/28 21:08:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\oovootb
[2009/10/28 14:28:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/29 06:50:30 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/13 12:27:04 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 12:26:56 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 12:26:52 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 12:26:51 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 12:26:50 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 12:26:50 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 12:26:49 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 12:26:49 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 12:26:49 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 12:26:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 12:26:48 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 12:26:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 12:26:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 12:26:46 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 12:26:46 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 12:26:45 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 12:26:44 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/13 12:26:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 12:26:44 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 12:26:44 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 12:24:06 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 12:23:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/02 06:37:30 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/02 06:37:30 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/02 06:37:30 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/02 06:37:11 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/02 06:37:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/09/29 19:58:35 | 00,000,000 | -H-D | C] -- C:\Users\Chae Eun\Desktop\.picasaoriginals

========== Files - Modified Within 30 Days ==========

[2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/29 06:33:28 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/29 06:33:28 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/28 21:07:36 | 00,000,591 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:59:17 | 00,019,866 | ---- | M] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | M] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/28 12:33:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/27 23:02:22 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/27 23:01:22 | 00,001,421 | ---- | M] () -- C:\Users\Chae Eun\Desktop\DivX Movies.lnk
[2009/10/27 19:31:32 | 00,000,026 | ---- | M] () -- C:\Windows\SysWow64\autoup.ini
[2009/10/25 19:38:30 | 00,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job
[2009/10/25 17:52:58 | 00,086,738 | ---- | M] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/23 18:19:22 | 00,000,180 | ---- | M] () -- C:\Windows\win.ini
[2009/10/23 12:29:24 | 00,003,998 | ---- | M] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/10/22 22:35:06 | 00,016,528 | ---- | M] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 22:35:06 | 00,012,689 | ---- | M] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 13:24:16 | 00,460,172 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/20 19:35:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/20 19:35:04 | 40,242,58560 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/19 16:56:37 | 00,027,648 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 18:25:11 | 00,013,880 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:29 | 00,011,284 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 15:36:09 | 98,750,464 | ---- | M] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/14 03:35:40 | 02,097,259 | -H-- | M] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/10/13 05:41:53 | 00,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/13 05:41:52 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/13 05:41:52 | 00,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/10 12:32:13 | 00,408,430 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/10 10:15:44 | 00,094,632 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/10 10:15:05 | 02,955,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/07 20:25:18 | 00,326,343 | ---- | M] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma
[2009/10/02 08:40:19 | 26,575,296 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/01 18:51:01 | 00,023,040 | ---- | M] () -- C:\Users\Chae Eun\Documents\dock,jessicaCL.doc
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/09/29 19:58:43 | 02,364,142 | ---- | M] () -- C:\Users\Chae Eun\Desktop\img017.jpg
[2009/09/29 19:58:36 | 02,292,107 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMG_4112.JPG

========== Files - No Company Name ==========
[2009/10/28 21:07:36 | 00,000,591 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:33:09 | 00,019,866 | ---- | C] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | C] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/27 23:02:22 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/25 17:52:58 | 00,086,738 | ---- | C] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/22 22:21:51 | 00,000,026 | ---- | C] () -- C:\Windows\SysWow64\autoup.ini
[2009/10/22 19:35:32 | 00,016,528 | ---- | C] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 19:35:32 | 00,012,689 | ---- | C] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 13:24:16 | 00,460,172 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/18 18:25:10 | 00,013,880 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:28 | 00,011,284 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 14:41:47 | 98,750,464 | ---- | C] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/13 12:27:32 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 12:27:02 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 12:26:55 | 09,236,992 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 12:26:53 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 12:26:51 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 12:26:50 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 12:26:50 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 12:26:50 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 12:26:49 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 12:26:49 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 12:26:48 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 12:26:47 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 12:26:46 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 12:26:46 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 12:26:46 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 12:26:45 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 12:26:44 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/13 12:26:44 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 12:26:44 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 12:26:44 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 12:26:44 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 12:24:10 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 12:24:06 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 12:23:54 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/10 12:32:13 | 00,408,430 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/07 20:25:16 | 00,326,343 | ---- | C] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma
[2009/10/02 12:37:55 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/02 06:38:14 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/02 06:38:14 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/02 06:38:14 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/02 06:38:13 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/02 06:37:42 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/02 06:37:30 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/02 06:37:30 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/02 06:37:11 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/02 06:37:11 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/09/29 19:58:42 | 02,364,142 | ---- | C] () -- C:\Users\Chae Eun\Desktop\img017.jpg
[2009/09/29 19:58:35 | 02,292,107 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMG_4112.JPG
[2009/08/29 15:57:59 | 00,000,137 | ---- | C] () -- C:\Windows\viet1000.ini
[2009/05/02 14:07:46 | 00,000,022 | ---- | C] () -- C:\Windows\SysWow64\win28c88_va.dll
[2009/05/02 14:06:51 | 00,974,848 | ---- | C] () -- C:\Windows\SysWow64\LtDlgRes14n.dll
[2009/04/13 11:11:44 | 00,000,680 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\d3d9caps.dat
[2009/04/13 10:32:42 | 00,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2009/04/11 15:27:39 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\FnF4.txt
[2009/04/11 12:52:42 | 00,667,648 | ---- | C] () -- C:\Windows\SysWow64\MRUpdate.dll
[2009/04/04 09:44:45 | 00,226,768 | ---- | C] () -- C:\Windows\SysWow64\MuzLyrcs.dll
[2009/04/04 09:44:45 | 00,034,256 | ---- | C] () -- C:\Windows\SysWow64\MzWhatImListen2.dll
[2009/03/03 14:14:31 | 00,000,237 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/03 08:21:58 | 00,492,256 | ---- | C] () -- C:\Windows\SysWow64\MelonWebPlayer.dll
[2009/02/28 14:42:01 | 00,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2009/02/28 14:12:13 | 00,213,072 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2009/02/28 14:12:12 | 02,433,024 | ---- | C] () -- C:\Windows\npdbplug.dll
[2009/02/08 10:09:31 | 00,003,998 | ---- | C] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/02/08 02:47:00 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/06 11:57:02 | 00,027,648 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:00:32 | 02,097,259 | -H-- | C] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\QSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\AtStart.txt
[2009/02/04 19:18:41 | 00,094,632 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/15 20:32:49 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/15 20:32:38 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/15 20:32:01 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/15 20:30:19 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/15 20:27:39 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/22 23:03:19 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/22 22:52:09 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/22 22:48:54 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/22 22:46:28 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 16:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 16:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:34:27 | 00,000,180 | ---- | C] () -- C:\Windows\win.ini
[2006/09/29 15:22:28 | 00,393,216 | ---- | C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll
[2005/05/18 21:38:01 | 00,000,208 | ---- | C] () -- C:\Windows\SysWow64\NDMMUpdate.ini
[2005/04/18 19:57:57 | 00,262,253 | ---- | C] () -- C:\Windows\SysWow64\NDM_LP3000.dll
[2005/04/18 19:57:57 | 00,233,472 | ---- | C] () -- C:\Windows\SysWow64\MSNetSync.dll
[2005/04/18 19:57:57 | 00,131,072 | ---- | C] () -- C:\Windows\SysWow64\NDM_MPIO.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\STLicCheck.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\NetSync14xs.dll
[2005/04/18 19:57:57 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\TS-200USB.dll
[2005/04/18 19:57:57 | 00,077,900 | ---- | C] () -- C:\Windows\SysWow64\NDM_DEVICE.dll
[2005/04/18 19:57:57 | 00,077,882 | ---- | C] () -- C:\Windows\SysWow64\NDM_TS-200.dll
[2005/04/18 19:57:57 | 00,073,839 | ---- | C] () -- C:\Windows\SysWow64\NDM_TC100.dll
[2005/04/18 19:57:57 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\TCC730USB.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\USBDevice.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\TuneCaption.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\NDM_NMP300RA.dll
[2005/04/18 19:57:57 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\WrapperCtl.dll
[2005/04/18 19:57:57 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\NED_v20.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NetSync_Dit.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDP_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDH_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDdll.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\YariMediaDRM.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\UsbDLL.dll
[2005/04/18 19:57:56 | 00,684,032 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005/04/18 19:57:56 | 00,192,616 | ---- | C] () -- C:\Windows\SysWow64\FlashCtl.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MASWizPC.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\DitDrm.dll
[2005/04/18 19:57:56 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\CTDRM.dll
[2005/04/18 19:57:56 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\FileTransfer.dll
[2005/02/16 03:55:25 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\akrip.dll
[2005/01/27 00:20:10 | 00,099,840 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:182E7BAA
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\yoomin.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\Untitled (5).wma.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\merryxmas.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\lookanh.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\jasmine.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\heyasan.wav:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:50D4F48C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:74D9C82E

========== Files - Unicode (All) ==========
[2009/05/25 08:51:27 | 00,001,863 | ---- | M] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
[2009/05/25 08:51:27 | 00,001,863 | ---- | C] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
< End of report >



OTL Extras logfile created on: 10/29/2009 6:51:21 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Chae Eun\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 31.79% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 82.66 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.69% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAEEUN-PC
Current User Name: Chae Eun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0054869A-0474-474E-9CC7-1AC338775621}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{046EC895-3267-4175-9652-67D6B8476329}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0BBD7B4A-3292-4167-9579-25A04FA60B33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D8A4922-C01C-4F60-97E7-5C0A7DE54D1E}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{0F6677C6-C9C2-4861-8944-687A36EB8DCF}" = lport=5435 | protocol=17 | dir=in | name=monkey3 |
"{166647F2-1ACB-4FAB-85D6-54F60B395AE3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D8DFDF6-EA52-4AD0-99DA-8A2DC96E3FDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25C7B4F7-382A-4441-A54D-34B0620B8066}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{34D54EF4-7EBA-4576-A63B-D8DE42F8BD96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BC16AB6-DF7A-40D2-A87B-2ADF4CC91737}" = lport=5435 | protocol=6 | dir=in | name=monkey3 |
"{4A16A4B5-1196-42CE-A272-99C26475A4ED}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4D2AB1EC-96A1-45A9-AFB1-F65BDA43E6A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{519436E6-852F-4D30-A7DF-A4BF982A78D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{543D37F8-2396-4300-9089-237D2EFA41D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{544056EC-CF32-4B7C-B37D-D5258947C6DE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59F3E2C5-7E24-4D16-B959-A226BD1C5CC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6951AE03-4056-4708-8B50-E1CAF6305359}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6E698311-FCE6-4530-9136-5CE0AC71C187}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{716C10BD-8F66-41C7-94C9-001EB9987EC0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{725E3F27-3D23-44CD-83AE-D94D5C3610D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7335832B-8027-418F-B43A-F8892ABF4440}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7344003A-840D-4B06-986C-5DD473C33452}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{7D7EAED6-EF03-4647-941B-C477536C3CFC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86796087-7B47-4003-8AA6-EA9CCE7436E3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{914225AC-CAD0-45A7-9E13-77AF86189EA8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9524141C-EDAD-4356-942A-78A800962F1E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9544D27F-C074-4576-AC50-21BC640F9F3D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A01CE0FC-9A3F-4767-9C53-40522D40612F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1593F68-EF73-4979-9F70-D65529729A53}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2FA4DC7-7E3D-44BD-912B-8ACF5E717413}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{AB205E7B-6E30-4556-B79B-D33C98075213}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0DAFB6E-4E9D-4848-91F2-9521149293EE}" = lport=53444 | protocol=6 | dir=in | name=monkey3saver |
"{B28A1F4C-FBE2-4502-A99A-042914A5A247}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B72E5F12-7D5E-462A-A655-DA8E237965C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC3939A8-FFA5-47C8-B46A-1FB5DF978366}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8F9520D-E3BF-4207-B006-A803F95F90A6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CBA2572B-707B-4580-BCC3-BF502F3D2BB7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CF0AA39F-A497-4BB1-943A-16D44CD5D4DC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF9E266B-6DDD-4F98-9148-BFC5EEF25920}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EEA89F0B-3124-4B0C-946A-363C98519F0A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6ED6051-12ED-42B4-908D-1871D41CBE46}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0408DEC0-8B69-4C58-8880-CD36F4F7C52C}" = dir=in | app=c:\progra~2\b87d~1\soribada\soribada.exe |
"{06139018-B350-46D8-8132-237AB89FB577}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E10CDCD-9A93-4B7D-B4B3-F29922BC1421}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10254B1F-6853-4D99-8FD3-CF999E1C8BED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13979A1D-C977-43B2-BC61-09BB2B137209}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{193C77CF-86A4-4569-B760-E409358F86C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A82CAFE-9B8D-46DC-900D-971CA7F4A4DB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{266882BE-A413-4B64-BA94-FB8D7BAD0B80}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2D95ECD3-5647-4EE1-9B8D-CFF01A8AD5B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muz.exe |
"{2DE6D6BF-C896-4AA4-B6F6-53DD6B90D69C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{2E3565CB-107C-4BE1-A427-C7042BBC296A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3411720A-F3AE-4798-B20E-0863331B742E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E8E156B-D56F-44C8-A70C-EE784BF5997F}" = protocol=6 | dir=in | app=c:\program files (x86)\vinagame\boomonline\nmcosrv.exe |
"{48E3A10D-4F93-49F4-B33D-5C74E79B8362}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4AFFAC3E-AD59-444B-9661-AFDEAD283369}" = protocol=17 | dir=in | app=c:\program files (x86)\vinagame\boomonline\ca.exe |
"{4DB29736-9649-4520-AC06-6AFADCBF8A4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53EBBD17-A587-4A70-8D01-347E0FED1BC1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{580C9849-F185-4B00-9990-69AF857B2859}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5831CED1-9621-40CB-8E3C-1F3F6FCCD871}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{58DDFCDE-48C4-43F9-87A5-C10C05A574D5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{5DBCC832-E54B-402D-9341-6C0FD9029B5B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6003D2CC-C45F-49D1-A404-C0B92B616AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\vinagame\boomonline\nmcosrv.exe |
"{6409B924-93EA-4618-97B1-FBB9B871015B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{6444DA3F-9E0C-4EF2-AD62-DE2F2A00EEBA}" = dir=in | app=c:\progra~2\b87d~1\soribada\soribada.exe |
"{66C13E40-8092-42DD-9B55-4524C5B767ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F8E5B96-9E9E-42BA-9F82-F0645884FD93}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{79B41B7E-CBAC-440D-9FE0-5BCD6B3505A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B6AE095-8671-4AFA-8CD4-7790FE780E97}" = protocol=17 | dir=in | app=c:\program files (x86)\monkey3\monkey3.exe |
"{7F21D2F0-20AF-4D20-B510-34D698BE1B97}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{82AB00BF-1BCA-4AF8-A365-ECF3B9099344}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{82B630CB-9AFA-493D-95BB-AA57CAFC238C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{83FFC2FB-8730-4695-97A4-058DCC577032}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84832CE4-3531-45BD-9ECE-CBAAEFF93DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\vinagame\boomonline\ca.exe |
"{87BDA4DB-5A75-4343-999A-49075A44F3F3}" = protocol=6 | dir=out | app=system |
"{87ED0EAC-F77B-4434-B75C-2C26C9EEA01F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DB69745-F2D5-4BAD-959D-9ED725FB1BF8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F0B46D3-3E1B-42B0-97B7-FB1B838512FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{90D1FE22-4644-4662-8982-12364381A138}" = protocol=6 | dir=in | app=c:\windows\syswow64\muz.exe |
"{93DB6E34-0845-4D5E-99E9-ABA2DF3AF00A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{946C0122-4EEF-4513-B6FB-46DB7A4263E6}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{969A5755-5E27-4924-95DB-683E18D4A42D}" = protocol=17 | dir=in | app=c:\program files (x86)\vinagame\boomonline\nmcosrv.exe |
"{974A6903-1833-4382-BB6C-D0B9FE4895C7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{A545D321-64A8-4787-AC02-41ACCFDE24DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A701E28B-B7CD-499E-A4B6-B92120D8D100}" = protocol=17 | dir=in | app=c:\program files (x86)\vinagame\boomonline\ca.exe |
"{A9690BD5-A46A-4CF5-828B-35C7A2C7778C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA0323CF-D1EC-433B-B366-448C332E10F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{AA70A996-109A-4D5E-8735-EF4905FDE3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ABBC9F2E-7060-43E2-9260-60821BAB6F45}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{BA21C8AF-E642-4B83-BBBE-84FB36E114E7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFE28527-71AC-4568-B499-A2D622B86968}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2BCD352-E2F6-40C9-8F25-952F4C7A40B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2C33CA2-742D-4EEB-A51D-DE88FC1D19D9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{C57C37AB-D2CF-46B9-B72E-7A140428A3E2}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C898E0EC-9011-4C1C-AE6A-4ED866AE142B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDF67790-5F41-4B12-B825-AF7C273561E4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CEC20FBC-B3D1-4C59-BA93-40B89B961568}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{CFC1F9A7-1D16-4C96-9AF6-0DF06F331A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D029592D-A8FF-4BC8-82BD-ED5D3DE069C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D151474C-18DB-425C-A477-486ED61690D3}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{DDE79AD7-F0E0-4587-A836-F4A0FCCA24BF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E29F2584-B3BF-42DB-996A-C7A64186C724}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E613D018-57D9-4D36-8795-79145B0C1DE0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{ECD9BCD7-D805-4928-A0A9-A9DFC7644DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\monkey3\monkey3.exe |
"{EFC7BDEB-22AE-4A7F-9735-B398FA6F8138}" = protocol=6 | dir=in | app=c:\program files (x86)\vinagame\boomonline\ca.exe |
"{F0311295-82CC-447C-B86F-0106E6B49B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F53F875A-F4AA-4F9C-BE14-92881C8EF95B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{F5D69AA7-8B63-4E14-935C-C3AF3681819F}" = protocol=17 | dir=in | app=c:\program files (x86)\vinagame\boomonline\nmcosrv.exe |
"{F6A7EB17-8D63-4F12-A25D-564A0CFF2A1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E8BA3-D2D1-4E66-BF87-3C9D5BC0DF86}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{FBE59CC3-211E-4BA2-9998-76C0733EFA9B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{FCEAA9A8-5B23-4240-96BE-1664383A0D3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{04DDDCD9-0336-43E2-AA3C-E5EC6634B425}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4728CE7F-99AE-47AC-B5E0-3DB96331632E}C:\program files\exnw\exgunz\gunz.exe" = protocol=6 | dir=in | app=c:\program files\exnw\exgunz\gunz.exe |
"TCP Query User{56F45359-CE51-4176-91E1-DBE03826FA1D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5F3A4F88-1720-457E-9807-D1E6315BDDA0}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{B050591D-2546-4988-8B5A-E343F0C1EB05}C:\program files (x86)\jahshaka\jahshaka.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jahshaka\jahshaka.exe |
"TCP Query User{B840E1DC-A348-49F0-9F4A-A9BAC77BF9F8}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{CDBF9C19-1DD9-4694-AC63-6B7768C88FF5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{D1820990-9668-496A-8F66-B3B1388E37F7}C:\users\chae eun\music\tieng viet\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chae eun\music\tieng viet\utorrent.exe |
"TCP Query User{DBD8BB30-B5CC-498F-B91A-C06C1FC864C3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0F12AC43-628B-4B76-9D0A-217BC3E93FD9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{26C21FE0-9CF4-4723-A8E7-CC2469EB950A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{627313C4-8E06-48F4-87E7-7575D7A34902}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{6A8C6D8C-6FB5-4340-9B15-6C43A0DFBED1}C:\program files\exnw\exgunz\gunz.exe" = protocol=17 | dir=in | app=c:\program files\exnw\exgunz\gunz.exe |
"UDP Query User{97440609-852E-4B17-95F5-8AB21E57DCB3}C:\users\chae eun\music\tieng viet\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chae eun\music\tieng viet\utorrent.exe |
"UDP Query User{A46183BF-9700-4EFD-B8A6-D10FC06F82E7}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{BF96BEB7-D748-44C9-A2CD-825510552432}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{F5FEFBED-D31F-497C-A12B-8C158B6DCE4A}C:\program files (x86)\jahshaka\jahshaka.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jahshaka\jahshaka.exe |
"UDP Query User{F8339EB1-CC38-4862-9CFB-F1411E5E943B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{443027F6-2A85-4ACE-B4E8-5F44C02EA301}" = AT&T Communication Manager
"{4C00EC96-D644-41AD-91D3-A9CE4382C80E}" = Driver Installer
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler LightScribe Trial 5
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}" = LightScribe Applications
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A21E6CD8-70E4-45CF-A1A8-FC1584D8523E}" = Daum ActiveX 컨트롤 - 한메일Express 파일업로더
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3E42790-C60F-4B23-A1CD-1416BC1EC2C9}" = myQuickFind
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1C70CF7-F2F3-4A15-ADE5-5DF1BA0739E1}" = LightScribe Template Designs - Bonus Pack 1
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED5862BF-C91D-0358-B62D-C0FAF7F9C66E}" = Catalyst Control Center InstallProxy
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{ED760EA1-F623-44AC-A615-880714FAEDDC}" = First Thousand Vietnamese Words for Students
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F82E9B29-EE4B-418F-9CA4-A70DA610553D}" = LightScribe Template Designs - Street Style Pack 1
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}" = LightScribe Template Labeler
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player 10 ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced GIF Animator_is1" = Advanced GIF Animator 3.0
"AIM_6" = AIM 6
"Alarm_is1" = Alarm 2.0.4
"Audacity_is1" = Audacity 1.2.6
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BabyMaker Toolbar" = BabyMaker Toolbar
"BFGC" = Big Fish Games Client
"Boom Online 1.39_is1" = Boom Online - 1.39
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"GameHouse" = GameHouse
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IconCool GIF Animator v5.8x" = IconCool GIF Animator v5.8x
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B3E42790-C60F-4B23-A1CD-1416BC1EC2C9}" = myQuickFind
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"kSolo" = kSolo Recorder
"LimeWire" = LimeWire 5.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"PC Alarm Clock" = PC Alarm Clock
"Picasa 3" = Picasa 3
"Ragnarok Sakray" = Ragnarok Sakray
"Revo Uninstaller" = Revo Uninstaller 1.83
"SMALL CLIENT8.0" = SMALL CLIENT
"SORIBADA" = ╝ĎŞ«╣┘┤┘
"StreetPlugin" = Learn2.com Player (Uninstall Only)
"The Rosetta Stone" = The Rosetta Stone
"VDict toolbar_is1" = VDict toolbar 1.0.1
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT076344" = Babylonia
"WT076455" = Burger Shop 2
"WT076505" = The Wonderful End of the World
"WT076594" = Faerie Solitaire
"WT076609" = My Kingdom for the Princess
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = ÁTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 2/12/2009 5:32:15 PM | Computer Name = ChaeEun-PC | Source = Sound Recorder | ID = 65535
Description =

[ Media Center Events ]
Error - 2/27/2009 4:10:27 PM | Computer Name = ChaeEun-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 8/19/2009 11:07:45 PM | Computer Name = ChaeEun-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.

Error - 8/20/2009 11:27:24 AM | Computer Name = ChaeEun-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2009 12:17:44 PM | Computer Name = ChaeEun-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028)
disappeared from the system without first being prepared for removal.

Error - 8/20/2009 12:17:44 PM | Computer Name = ChaeEun-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228)
disappeared from the system without first being prepared for removal.

Error - 8/20/2009 12:17:44 PM | Computer Name = ChaeEun-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328)
disappeared from the system without first being prepared for removal.

Error - 8/20/2009 12:17:44 PM | Computer Name = ChaeEun-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.

Error - 8/20/2009 12:28:46 PM | Computer Name = ChaeEun-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2009 12:43:31 PM | Computer Name = ChaeEun-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2009 5:21:39 PM | Computer Name = ChaeEun-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2009 11:59:07 PM | Computer Name = ChaeEun-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

Edited by meepmeep1101, 29 October 2009 - 11:04 AM.


#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 29 October 2009 - 12:16 PM

Hi,

Please do the following:

Note: Please plug your removable media (thumb drive) into your F: drive during this fix.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"


    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
    O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
    O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} - No CLSID value found.
    O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\AutoRun\command - "" = F:\squdq.com -- File not found
    O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\open\Command - "" = F:\squdq.com -- File not found
    O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell - "" = AutoRun
    O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


NEXT

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so.

NEXT

Note: As a Vista user > right click your browser and run as an Administrator

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


#5 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 29 October 2009 - 06:35 PM

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1cf5ae-0ceb-491d-9485-7f5c01cdd895}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found.
Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE1CF5AE-0CEB-491D-9485-7F5C01CDD895}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found.
File F:\squdq.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found.
File F:\squdq.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found.
File move failed. H:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found.
File G:\WIN\setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Chae Eun
File delete failed. C:\Users\Chae Eun\AppData\Local\Temp\NAILogs\UpdaterUI_CHAEEUN-PC.log scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
->Temp folder emptied: 128550 bytes
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\aimradio_streamops_aol_com[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\AIM_UAC_v2[2].adp scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[2].php scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[4].php scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\Computer_calling_me_loser_t107983[1].html scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\m_www_yahoo_com[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\tcode3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY0D4KZ0\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\pass[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\size=120x90;noperf=1;alias=93245558;kvmn=93245558;target=_blank;aduho=600;g
rp=853826516;misc=853826516[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\tcodewads_at[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\01[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\tcodeqt[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 122650540 bytes
->Java cache emptied: 8302254 bytes
->FireFox cache emptied: 52410375 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Documents and Settings

User: Guest
->Temp folder emptied: 339150 bytes
->Temporary Internet Files folder emptied: 440628758 bytes
->FireFox cache emptied: 77324400 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\TMP0000002145A9E6155137E67F scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WFV27DA.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 236104150 bytes
RecycleBin emptied: 1013160723 bytes

Total Files Cleaned = 1860.70 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10292009_140842

Files\Folders moved on Reboot...
File\Folder H:\LaunchU3.exe not found!
C:\Users\Chae Eun\AppData\Local\Temp\NAILogs\UpdaterUI_CHAEEUN-PC.log moved successfully.
C:\Users\Chae Eun\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\aimradio_streamops_aol_com[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\AIM_UAC_v2[2].adp moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[2].php moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[4].php moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\Computer_calling_me_loser_t107983[1].html moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\iframe[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\m_www_yahoo_com[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\tcode3[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY0D4KZ0\iframe[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\iframe[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\pass[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\size=120x90;noperf=1;alias=93245558;kvmn=93245558;target=_blank;aduho=600;g
rp=853826516;misc=853826516[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\tcodewads_at[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\01[2].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\iframe[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\tcodeqt[1].htm moved successfully.
C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\TMP0000002145A9E6155137E67F not found!
File\Folder C:\Windows\temp\WFV27DA.tmp not found!

Registry entries deleted on Reboot...



_________________________________________

Malwarebytes' Anti-Malware 1.41
Database version: 3057
Windows 6.0.6001 Service Pack 1

10/29/2009 2:56:38 PM
mbam-log-2009-10-29 (14-56-38).txt

Scan type: Quick Scan
Objects scanned: 101734
Time elapsed: 20 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_______________________________________




The Online scanner thing just sits there....The accept button never pops ups..or is clickable

Edited by meepmeep1101, 29 October 2009 - 07:43 PM.


#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 29 October 2009 - 09:59 PM

Hi,

Try this one instead:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report


#7 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 30 October 2009 - 10:37 AM

Oh..I did disable my virus thing for it to scan..><;; ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2009-10-30 06:32:54 PROTECTIONS: 1 MALWARE: 51 SUSPECTS: 5 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== McAfee VirusScan Enterprise 8.5.0.781 No Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[5].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[1].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[3].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[4].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@casalemedia[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[4].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[3].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@doubleclick[3].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[4].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[3].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[5].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@247realmedia[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[6].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[3].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[4].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[5].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[6].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[5].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[6].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@tribalfusion[3].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[3].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@mediaplex[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[3].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[8].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[4].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[6].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[7].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[2].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@linksynergy[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@linksynergy[2].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@clickbank[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@clickbank[3].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@revenue[2].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@revenue[3].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@com[3].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@com[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@yadro[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@yadro[2].txt 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@stats1.clicktracks[2].txt 00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@landing.domainsponsor[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@xiti[2].txt 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ehg.hitbox[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@azjmp[1].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@azjmp[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[4].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@statcounter[2].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@counter.hitslink[2].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@counter.hitslink[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@perf.overture[2].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[3].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[7].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[5].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[6].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[4].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[3].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@burstnet[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[5].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[3].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[4].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[5].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[5].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[4].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[6].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[7].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@bs.serving-sys[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@www.burstbeacon[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[4].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@adtech[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adtech[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@server.iad.liveperson[5].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@server.iad.liveperson[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[3].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[4].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[5].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[9].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[6].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@advertising[3].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[8].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@media.adrevolver[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statse.webtrendslive[3].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[4].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[2].txt 00170534 Cookie/PurityScan TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.valuead[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@overture[3].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[4].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[5].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[7].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[4].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[3].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[6].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[7].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[6].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[8].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[4].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[3].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[9].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[5].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[4].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[3].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[4].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[3].txt 00173992 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@c5.zedo[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adrevolver[3].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@go[3].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@searchportal.information[1].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@searchportal.information[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@target[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@did-it[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[6].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[4].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[3].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@smartadserver[1].txt 00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www6.addfreestats[2].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www1.addfreestats[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[4].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[3].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[1].txt ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== No c:\program files (x86)\hp games\create a mall\create a mall-wt.exe No c:\program files (x86)\hp games\hunting unlimited 2008\hu2008-wt.exe No c:\program files (x86)\vtcgame\audition\modxau_hs\modxau.exe No c:\users\chae eun\music\playlists\modxau_hsnsl.net.zip[modxau_hs/modxau.exe] No c:\windows\syswow64\config\sys.sav ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 30 October 2009 - 03:19 PM

Hi,

Nothing there but cookies.

Lets clean them up with this program:

Please do the following:


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT

Please post a fresh OTL log and advise how your computer is running now and if there are any outstanding issues.

#9 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 30 October 2009 - 05:45 PM

i wont be able to tell a difference until a couple of days for the non responsove thing..but like a week or two for the loser thing ><;;..

I also have a question...Do you know how I can make it so that when I start my computer, no programs start? I use to know how, but I forgot.

oh..and how do I change this "FF - prefs.js..browser.startup.homepage: "http://www.mystart.c...m?pr=oovoo2_0"" ???...I never set it that way..:(..Its only when I start a new tab

OTL logfile created on: 10/30/2009 1:31:47 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = c:\Users\Chae Eun\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 84.08 Gb Free Space | 38.22% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAEEUN-PC
Current User Name: Chae Eun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe
PRC - [2009/10/12 18:03:52 | 17,507,000 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2009/10/05 14:14:22 | 02,075,384 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/05/11 16:45:30 | 00,202,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/02/20 08:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/01/27 17:30:20 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/26 00:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 16:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 16:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/01 13:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/06/10 01:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/15 11:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/04/11 06:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/01/20 16:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/25 04:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 04:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/26 04:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2007/05/08 13:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/03 20:43:18 | 00,239,104 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV [Auto | Running])
SRV:64bit: - [2009/03/02 18:42:58 | 00,089,600 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV:64bit: - [2008/12/10 08:04:58 | 00,935,424 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV:64bit: - [2008/03/18 14:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV:64bit: - [2008/01/20 16:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV:64bit: - [2008/01/20 16:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2007/12/11 10:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/16 13:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/02/19 17:22:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/01/27 20:50:00 | 00,154,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield [Auto | Running])
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/11/20 09:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/11/03 19:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/07/27 08:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 08:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/06/19 15:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 15:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/03/06 10:10:52 | 00,106,496 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc [On_Demand | Stopped])
SRV - [2008/03/06 10:09:50 | 00,118,784 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/05/31 04:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2007/05/31 04:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2007/01/02 05:35:24 | 00,074,656 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/02 05:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 03:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/01 20:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/01 20:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/22 00:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/06/30 10:37:16 | 00,033,800 | ---- | M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot [Boot | Running])
DRV:64bit: - [2009/06/24 03:28:32 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/06/03 20:43:18 | 00,486,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV:64bit: - [2009/05/25 06:51:00 | 00,207,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2009/05/23 05:09:38 | 00,029,704 | ---- | M] () -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
DRV:64bit: - [2009/01/27 20:50:00 | 00,259,656 | ---- | M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,094,280 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,081,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,067,272 | ---- | M] () -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV:64bit: - [2008/12/10 09:31:26 | 04,993,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2008/11/21 22:05:22 | 01,253,376 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV:64bit: - [2008/10/23 02:16:34 | 01,526,776 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV:64bit: - [2008/10/16 23:00:00 | 00,179,768 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt [On_Demand | Stopped])
DRV:64bit: - [2008/10/16 23:00:00 | 00,106,040 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr [On_Demand | Stopped])
DRV:64bit: - [2008/07/20 23:53:04 | 00,145,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Stopped])
DRV:64bit: - [2008/06/27 01:51:10 | 00,088,632 | ---- | M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
DRV:64bit: - [2008/05/28 12:54:18 | 00,026,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand | Running])
DRV:64bit: - [2008/04/27 22:25:06 | 00,016,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV:64bit: - [2008/03/30 23:36:18 | 00,195,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV:64bit: - [2008/03/27 10:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV:64bit: - [2008/03/27 10:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV:64bit: - [2008/03/06 09:57:32 | 00,042,784 | ---- | M] () -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/24 02:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:49:47 | 00,011,264 | ---- | M] () -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:52 | 00,019,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2007/06/27 03:47:14 | 00,089,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swumx56.sys -- (SWUMX56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/27 03:46:24 | 00,114,688 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys -- (SWNC8U56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/18 14:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV:64bit: - [2007/01/18 09:10:22 | 00,030,336 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort [On_Demand | Running])
DRV:64bit: - [2006/11/01 19:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2006/10/03 15:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2009/01/27 20:50:00 | 00,038,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk [System | Stopped])
DRV - [2008/09/26 00:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
DRV - [2006/09/18 11:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2006/09/18 11:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2005/02/01 09:55:40 | 00,021,442 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files (x86)\Gravity\RO\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe
MOD - [2008/01/20 16:50:45 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrtip.dll
MOD - [2008/01/20 16:49:57 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imjkapi.dll
MOD - [2008/01/20 16:49:46 | 00,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imetip.dll
MOD - [2008/01/20 16:49:02 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrapi.dll
MOD - [2008/01/20 16:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008/01/20 16:47:36 | 00,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\IME\SpTip.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.mystart.c...om?pr=oovoo2_0"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..keyword.URL: "http://urlseek40.vmn...=oovoo2_0dn&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 21:01:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/20 21:35:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/27 23:02:26 | 00,000,000 | ---D | M]

[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions
[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/07 10:27:03 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/10/29 15:39:00 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions
[2009/07/12 19:34:28 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/09 14:47:15 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/29 15:39:16 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2009/05/09 06:34:41 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/24 18:27:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/18 09:25:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/18 09:25:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/18 09:25:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/09/25 06:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/09/25 06:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 12:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/18 09:25:26 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2007/04/16 07:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/09/25 06:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/04/08 19:51:14 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/08 19:51:14 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/08 19:51:14 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/08 19:51:14 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/08 19:51:14 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/08 19:51:14 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 08:35:18 | 00,000,787 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKLM\..\Toolbar: (VDict toolbar) - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\Program Files (x86)\VDict toolbar\vdict.dll (Kamejoko Network)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://secwebclinic...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.star.haw...Script/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} http://web.spaceillu...yDancer1020.cab (myDancerCTL Class)
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} http://listen.daum.n...MusicPlayer.dll (S2PlayerPan Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprote...n/npstarter.cab (nPCom2 Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} http://download.prun...loadControl.cab (PrunaDownloadControl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} http://web.spaceillu...Updater1034.cab (SiUpdaterCtrl Class)
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com...lWebInstall.cab (MOPlayerWnd2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://player.muz.co...03/p3Instal.cab (PcubeSet Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...pusan/npkcx.cab (NPKCX Control)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://poipubeach.se...activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.171.3.13 128.171.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/28 21:08:20 | 00,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2009/10/29 21:48:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/28 21:08:54 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\ooVoo Details
[2009/10/29 21:48:53 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\Skype
[2009/10/29 21:49:57 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\skypePM
[2009/10/18 18:50:49 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Local\AIM
[2009/10/29 21:48:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009/10/22 20:01:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2009/10/13 19:47:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2009/10/10 10:07:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/28 21:07:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2009/10/28 21:08:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\oovootb
[2009/10/29 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/29 21:48:20 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/10/28 14:28:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/30 13:23:47 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe
[2009/10/29 13:52:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/29 06:50:30 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/13 12:27:04 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 12:26:56 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 12:26:52 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 12:26:51 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 12:26:50 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 12:26:50 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 12:26:49 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 12:26:49 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 12:26:49 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 12:26:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 12:26:48 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 12:26:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 12:26:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 12:26:46 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 12:26:46 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 12:26:45 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 12:26:44 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/13 12:26:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 12:26:44 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 12:26:44 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 12:24:06 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 12:23:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/02 06:37:30 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/02 06:37:30 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/02 06:37:30 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/02 06:37:11 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/02 06:37:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2009/10/30 13:26:57 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 13:26:57 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 13:26:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/30 13:26:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/30 13:26:37 | 40,242,58560 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 13:25:20 | 02,305,105 | -H-- | M] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/10/30 13:23:48 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe
[2009/10/29 23:32:58 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/29 23:32:58 | 00,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/29 23:32:58 | 00,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/29 21:49:58 | 00,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/10/29 21:48:22 | 00,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/29 15:44:01 | 00,000,180 | ---- | M] () -- C:\Windows\win.ini
[2009/10/29 15:22:30 | 00,003,998 | ---- | M] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/10/29 14:26:03 | 00,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job
[2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/28 21:07:36 | 00,000,591 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:59:17 | 00,019,866 | ---- | M] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | M] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/27 23:02:22 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/27 23:01:22 | 00,001,421 | ---- | M] () -- C:\Users\Chae Eun\Desktop\DivX Movies.lnk
[2009/10/25 17:52:58 | 00,086,738 | ---- | M] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/22 22:35:06 | 00,016,528 | ---- | M] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 22:35:06 | 00,012,689 | ---- | M] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 13:24:16 | 00,460,172 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/19 16:56:37 | 00,027,648 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 18:25:11 | 00,013,880 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:29 | 00,011,284 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 15:36:09 | 98,750,464 | ---- | M] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/10 12:32:13 | 00,408,430 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/10 10:15:44 | 00,094,632 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/10 10:15:05 | 02,955,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/07 20:25:18 | 00,326,343 | ---- | M] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma
[2009/10/02 08:40:19 | 26,575,296 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/01 18:51:01 | 00,023,040 | ---- | M] () -- C:\Users\Chae Eun\Documents\dock,jessicaCL.doc
[2009/10/01 10:29:14 | 00,238,960 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/29 21:49:58 | 00,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/10/29 21:48:22 | 00,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/29 18:15:26 | 00,033,800 | ---- | C] () -- C:\Windows\SysNative\drivers\pavboot64.sys
[2009/10/28 21:07:36 | 00,000,591 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:33:09 | 00,019,866 | ---- | C] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | C] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/27 23:02:22 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/25 17:52:58 | 00,086,738 | ---- | C] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/22 19:35:32 | 00,016,528 | ---- | C] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 19:35:32 | 00,012,689 | ---- | C] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 13:24:16 | 00,460,172 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/18 18:25:10 | 00,013,880 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:28 | 00,011,284 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 14:41:47 | 98,750,464 | ---- | C] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/13 12:27:32 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 12:27:02 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 12:26:55 | 09,236,992 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/13 12:26:53 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 12:26:51 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 12:26:50 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 12:26:50 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 12:26:50 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 12:26:49 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 12:26:49 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 12:26:48 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 12:26:47 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 12:26:46 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 12:26:46 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 12:26:46 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 12:26:45 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 12:26:44 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/13 12:26:44 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 12:26:44 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 12:26:44 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 12:26:44 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 12:24:10 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 12:24:06 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 12:23:54 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/10 12:32:13 | 00,408,430 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/07 20:25:16 | 00,326,343 | ---- | C] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma
[2009/10/02 12:37:55 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/02 06:38:14 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/02 06:38:14 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/02 06:38:14 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/02 06:38:13 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/02 06:37:42 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/02 06:37:30 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/02 06:37:30 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/02 06:37:11 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/02 06:37:11 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/08/29 15:57:59 | 00,000,137 | ---- | C] () -- C:\Windows\viet1000.ini
[2009/05/02 14:07:46 | 00,000,022 | ---- | C] () -- C:\Windows\SysWow64\win28c88_va.dll
[2009/05/02 14:06:51 | 00,974,848 | ---- | C] () -- C:\Windows\SysWow64\LtDlgRes14n.dll
[2009/04/13 11:11:44 | 00,000,680 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\d3d9caps.dat
[2009/04/13 10:32:42 | 00,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2009/04/11 15:27:39 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\FnF4.txt
[2009/04/11 12:52:42 | 00,667,648 | ---- | C] () -- C:\Windows\SysWow64\MRUpdate.dll
[2009/04/04 09:44:45 | 00,226,768 | ---- | C] () -- C:\Windows\SysWow64\MuzLyrcs.dll
[2009/04/04 09:44:45 | 00,034,256 | ---- | C] () -- C:\Windows\SysWow64\MzWhatImListen2.dll
[2009/03/03 14:14:31 | 00,000,237 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/03 08:21:58 | 00,492,256 | ---- | C] () -- C:\Windows\SysWow64\MelonWebPlayer.dll
[2009/02/28 14:42:01 | 00,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2009/02/28 14:12:13 | 00,213,072 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2009/02/28 14:12:12 | 02,433,024 | ---- | C] () -- C:\Windows\npdbplug.dll
[2009/02/08 10:09:31 | 00,003,998 | ---- | C] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/02/08 02:47:00 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/06 11:57:02 | 00,027,648 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:00:32 | 02,305,105 | -H-- | C] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\QSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\AtStart.txt
[2009/02/04 19:18:41 | 00,094,632 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/15 20:32:49 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/15 20:32:38 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/15 20:32:01 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/15 20:30:19 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/15 20:27:39 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/22 23:03:19 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/22 22:52:09 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/22 22:48:54 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/22 22:46:28 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 16:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 16:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:34:27 | 00,000,180 | ---- | C] () -- C:\Windows\win.ini
[2006/09/29 15:22:28 | 00,393,216 | ---- | C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll
[2005/05/18 21:38:01 | 00,000,208 | ---- | C] () -- C:\Windows\SysWow64\NDMMUpdate.ini
[2005/04/18 19:57:57 | 00,262,253 | ---- | C] () -- C:\Windows\SysWow64\NDM_LP3000.dll
[2005/04/18 19:57:57 | 00,233,472 | ---- | C] () -- C:\Windows\SysWow64\MSNetSync.dll
[2005/04/18 19:57:57 | 00,131,072 | ---- | C] () -- C:\Windows\SysWow64\NDM_MPIO.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\STLicCheck.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\NetSync14xs.dll
[2005/04/18 19:57:57 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\TS-200USB.dll
[2005/04/18 19:57:57 | 00,077,900 | ---- | C] () -- C:\Windows\SysWow64\NDM_DEVICE.dll
[2005/04/18 19:57:57 | 00,077,882 | ---- | C] () -- C:\Windows\SysWow64\NDM_TS-200.dll
[2005/04/18 19:57:57 | 00,073,839 | ---- | C] () -- C:\Windows\SysWow64\NDM_TC100.dll
[2005/04/18 19:57:57 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\TCC730USB.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\USBDevice.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\TuneCaption.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\NDM_NMP300RA.dll
[2005/04/18 19:57:57 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\WrapperCtl.dll
[2005/04/18 19:57:57 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\NED_v20.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NetSync_Dit.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDP_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDH_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDdll.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\YariMediaDRM.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\UsbDLL.dll
[2005/04/18 19:57:56 | 00,684,032 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005/04/18 19:57:56 | 00,192,616 | ---- | C] () -- C:\Windows\SysWow64\FlashCtl.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MASWizPC.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\DitDrm.dll
[2005/04/18 19:57:56 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\CTDRM.dll
[2005/04/18 19:57:56 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\FileTransfer.dll
[2005/02/16 03:55:25 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\akrip.dll
[2005/01/27 00:20:10 | 00,099,840 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:182E7BAA
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\yoomin.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\Untitled (5).wma.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\merryxmas.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\lookanh.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\jasmine.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\heyasan.wav:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:50D4F48C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:74D9C82E

========== Files - Unicode (All) ==========
[2009/05/25 08:51:27 | 00,001,863 | ---- | M] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
[2009/05/25 08:51:27 | 00,001,863 | ---- | C] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
< End of report >

Edited by meepmeep1101, 30 October 2009 - 05:48 PM.


#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 30 October 2009 - 07:15 PM

Hi,

Your log looks clean.

To reset your home page in Fire fox... Go to Tools > Options > Main

make sure the Startup box that says "when fire fox starts" > make sure it's set to "show my home page"

Then set your homepage to : http://www.google.com or whatever you choose > OK

NEXT

Here is a tutorial for how to disable programs from startup:

http://www.vistax64....le-disable.html

NEXT


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16)


NEXT


  • Make sure you have an Internet Connection.
  • Double-click OTS.exe to run it. (Vista users, please right click on OTS.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTS to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


NEXT


Now we need to create a new clean SYSTEM RESTORE point.

  • Close and save any documents that you may have open.
  • Open up the Start Menu and right-click on "Computer", and then select "Properties"
  • This will take you into the System area of Control Panel. Click on the "Advanced system settings" on the left hand side.
  • Now select the "System Protection" tab to get to the System Restore section.
  • Click the "Create" button to create a new restore point. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later.
  • Click the Create button, and then the system will create the restore point.
  • When it's all finished, you'll get a message saying it's completed successfully.
  • You will now have a new restore point

Then remove all previous Restore Points
  • Click Start Menu > Run > copy and paste
  • cleanmgr into the run box
  • At the top, click on the More Options tab, under System Restore and Shadow Copies group,
  • Click the Clean up button,
  • Vista will ask you if youĺre sure, click on Yes button.
  • When finished, click on Cancel button to exit.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Advertisement

    Register to Remove


#11 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 November 2009 - 01:08 AM

it just called me a loser agian....

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 05 November 2009 - 05:56 AM

I didn't see any obvious signs of malware that could be causing that, it may be possible there is a prank .vbs script on your system or you may have an infected codec. Is it only when you play music that this happens?

What program do you use for music



Lets see if a deeper scan will turn it up.

Please do the following:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


Make sure you reboot before continuing:



NEXT


I'd like you to run a custom scan with OTL

  • Please download OTL from HERE
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under Custom Scan paste this in"
    %SYSTEMDRIVE%\*.vbs /s /md5
    C:\windows\system32\drivers\*.sys /md5
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %TEMP%\*.*
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum


#13 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 November 2009 - 10:36 AM

yesterday it didnt happen when playing music. And my roommate actually heard it this time.

#14 meepmeep1101

meepmeep1101

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 November 2009 - 03:12 PM

OTL logfile created on: 11/5/2009 7:11:34 AM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = c:\Users\Chae Eun\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 54.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 85.00 Gb Free Space | 38.64% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 1.90 Gb Free Space | 98.95% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAEEUN-PC
Current User Name: Chae Eun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe
PRC - [2009/10/12 18:03:52 | 17,507,000 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2009/10/05 14:14:22 | 02,075,384 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/05/11 16:45:30 | 00,202,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/02/20 08:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/01/27 17:30:20 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/26 00:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 16:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 16:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/08/01 13:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/06/10 01:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/15 11:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/04/11 06:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/01/20 16:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/25 04:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 04:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/26 04:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2007/05/08 13:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/03 20:43:18 | 00,239,104 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV [Auto | Running])
SRV:64bit: - [2009/03/02 18:42:58 | 00,089,600 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV:64bit: - [2008/12/10 08:04:58 | 00,935,424 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV:64bit: - [2008/03/18 14:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV:64bit: - [2008/01/20 16:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV:64bit: - [2008/01/20 16:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2007/12/11 10:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/16 13:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/02/19 17:22:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/01/27 20:50:00 | 00,154,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield [Auto | Running])
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2009/01/27 17:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/11/20 09:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/11/03 19:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/10/06 06:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto | Running])
SRV - [2008/09/24 16:08:26 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto | Running])
SRV - [2008/07/27 08:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 08:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/29 13:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/06/19 15:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 15:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/01 13:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/04/03 08:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/03/06 10:10:52 | 00,106,496 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc [On_Demand | Stopped])
SRV - [2008/03/06 10:09:50 | 00,118,784 | ---- | M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 16:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2007/10/25 04:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/05/31 04:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2007/05/31 04:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2007/01/02 05:35:24 | 00,074,656 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/02 05:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 03:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/01 20:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/01 20:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/22 00:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/06/30 10:37:16 | 00,033,800 | ---- | M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot [Boot | Running])
DRV:64bit: - [2009/06/24 03:28:32 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/06/03 20:43:18 | 00,486,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV:64bit: - [2009/05/25 06:51:00 | 00,207,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2009/05/23 05:09:38 | 00,029,704 | ---- | M] () -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
DRV:64bit: - [2009/01/27 20:50:00 | 00,259,656 | ---- | M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,094,280 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,081,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV:64bit: - [2009/01/27 20:50:00 | 00,067,272 | ---- | M] () -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV:64bit: - [2008/12/10 09:31:26 | 04,993,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2008/11/21 22:05:22 | 01,253,376 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV:64bit: - [2008/10/23 02:16:34 | 01,526,776 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand | Running])
DRV:64bit: - [2008/10/16 23:00:00 | 00,179,768 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt [On_Demand | Stopped])
DRV:64bit: - [2008/10/16 23:00:00 | 00,106,040 | ---- | M] () -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr [On_Demand | Stopped])
DRV:64bit: - [2008/07/20 23:53:04 | 00,145,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV:64bit: - [2008/06/27 01:51:10 | 00,088,632 | ---- | M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
DRV:64bit: - [2008/05/28 12:54:18 | 00,026,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand | Running])
DRV:64bit: - [2008/04/27 22:25:06 | 00,016,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV:64bit: - [2008/03/30 23:36:18 | 00,195,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV:64bit: - [2008/03/27 10:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV:64bit: - [2008/03/27 10:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV:64bit: - [2008/03/06 09:57:32 | 00,042,784 | ---- | M] () -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/24 02:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:49:47 | 00,011,264 | ---- | M] () -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/01/20 16:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:52 | 00,019,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 16:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2007/06/27 03:47:14 | 00,089,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swumx56.sys -- (SWUMX56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/27 03:46:24 | 00,114,688 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys -- (SWNC8U56 [On_Demand | Stopped])
DRV:64bit: - [2007/06/18 14:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV:64bit: - [2007/01/18 09:10:22 | 00,030,336 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort [On_Demand | Running])
DRV:64bit: - [2006/11/01 19:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2006/10/03 15:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2009/01/27 20:50:00 | 00,038,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk [System | Stopped])
DRV - [2008/09/26 00:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])
DRV - [2006/09/18 11:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2006/09/18 11:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2005/02/01 09:55:40 | 00,021,442 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files (x86)\Gravity\RO\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe
MOD - [2008/01/20 16:50:45 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrtip.dll
MOD - [2008/01/20 16:49:57 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imjkapi.dll
MOD - [2008/01/20 16:49:46 | 00,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imetip.dll
MOD - [2008/01/20 16:49:02 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrapi.dll
MOD - [2008/01/20 16:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008/01/20 16:47:36 | 00,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\IME\SpTip.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..keyword.URL: "http://urlseek40.vmn...=oovoo2_0dn&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 21:01:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/20 21:35:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/27 23:02:26 | 00,000,000 | ---D | M]

[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions
[2009/04/24 18:27:39 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/07 10:27:03 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/11/04 11:58:06 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions
[2009/07/12 19:34:28 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/09 14:47:15 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/29 15:39:16 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2009/05/09 06:34:41 | 00,000,000 | ---D | M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/24 18:27:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/18 09:25:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/18 09:25:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/18 09:25:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/09/25 06:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/09/25 06:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 12:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/18 09:25:26 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2007/04/16 07:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/09/25 06:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/04/08 19:51:14 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/08 19:51:14 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/08 19:51:14 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/08 19:51:14 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/08 19:51:14 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/08 19:51:14 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 08:35:18 | 00,000,787 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKLM\..\Toolbar: (VDict toolbar) - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\Program Files (x86)\VDict toolbar\vdict.dll (Kamejoko Network)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe File not found
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://secwebclinic...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.star.haw...Script/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} http://web.spaceillu...yDancer1020.cab (myDancerCTL Class)
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} http://listen.daum.n...MusicPlayer.dll (S2PlayerPan Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprote...n/npstarter.cab (nPCom2 Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} http://download.prun...loadControl.cab (PrunaDownloadControl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} http://web.spaceillu...Updater1034.cab (SiUpdaterCtrl Class)
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com...lWebInstall.cab (MOPlayerWnd2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://player.muz.co...03/p3Instal.cab (PcubeSet Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...pusan/npkcx.cab (NPKCX Control)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://poipubeach.se...activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.171.3.13 128.171.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/28 21:08:20 | 00,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2009/10/29 21:48:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/28 21:08:54 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\ooVoo Details
[2009/10/29 21:48:53 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\Skype
[2009/10/29 21:49:57 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Roaming\skypePM
[2009/10/18 18:50:49 | 00,000,000 | ---D | C] -- C:\Users\Chae Eun\AppData\Local\AIM
[2009/10/29 21:48:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009/10/22 20:01:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2009/10/13 19:47:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2009/10/10 10:07:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/10/28 21:07:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2009/10/28 21:08:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\oovootb
[2009/10/29 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/10/29 21:48:20 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/10/28 14:28:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/03 15:15:40 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 15:15:38 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/30 13:23:47 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe
[2009/10/29 13:52:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/29 06:50:30 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/13 12:27:04 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 12:26:52 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 12:26:51 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 12:26:50 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 12:26:50 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 12:26:49 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 12:26:49 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 12:26:49 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 12:26:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 12:26:48 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 12:26:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 12:26:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 12:26:46 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 12:26:46 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 12:26:45 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 12:26:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 12:26:44 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 12:26:44 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 12:24:06 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 12:23:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll

========== Files - Modified Within 30 Days ==========

[2009/11/05 07:09:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/05 07:05:43 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 07:05:43 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 07:05:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/05 07:05:12 | 40,242,58560 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 07:03:50 | 02,305,259 | -H-- | M] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/11/04 17:37:58 | 00,028,160 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 17:36:20 | 17,397,9348 | ---- | M] () -- C:\Users\Chae Eun\Documents\Produce_0.avi
[2009/11/04 03:18:49 | 00,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job
[2009/11/02 16:54:23 | 00,012,528 | ---- | M] () -- C:\Users\Chae Eun\Documents\Cool eye.jpg
[2009/11/01 11:31:42 | 00,004,112 | ---- | M] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/10/31 00:30:45 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/31 00:30:45 | 00,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/31 00:30:45 | 00,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/30 13:23:48 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe
[2009/10/29 21:49:58 | 00,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/10/29 21:48:22 | 00,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/29 15:44:01 | 00,000,180 | ---- | M] () -- C:\Windows\win.ini
[2009/10/29 06:50:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe
[2009/10/28 21:07:36 | 00,000,591 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:59:17 | 00,019,866 | ---- | M] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | M] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/27 23:02:22 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/27 23:01:22 | 00,001,421 | ---- | M] () -- C:\Users\Chae Eun\Desktop\DivX Movies.lnk
[2009/10/25 17:52:58 | 00,086,738 | ---- | M] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/22 22:35:06 | 00,016,528 | ---- | M] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 22:35:06 | 00,012,689 | ---- | M] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 16:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 13:24:16 | 00,460,172 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/21 12:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 00:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/20 22:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/18 18:25:11 | 00,013,880 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:29 | 00,011,284 | ---- | M] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 15:36:09 | 98,750,464 | ---- | M] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/10 12:32:13 | 00,408,430 | ---- | M] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/10 10:15:44 | 00,094,632 | ---- | M] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/10 10:15:05 | 02,955,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/07 20:25:18 | 00,326,343 | ---- | M] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma

========== Files - No Company Name ==========
[2009/11/04 17:35:00 | 17,397,9348 | ---- | C] () -- C:\Users\Chae Eun\Documents\Produce_0.avi
[2009/11/03 15:15:39 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 15:15:38 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 16:54:20 | 00,012,528 | ---- | C] () -- C:\Users\Chae Eun\Documents\Cool eye.jpg
[2009/11/01 19:30:09 | 00,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job
[2009/10/29 21:49:58 | 00,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/10/29 21:48:22 | 00,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/29 18:15:26 | 00,033,800 | ---- | C] () -- C:\Windows\SysNative\drivers\pavboot64.sys
[2009/10/28 21:07:36 | 00,000,591 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2009/10/28 14:33:09 | 00,019,866 | ---- | C] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis
[2009/10/28 14:28:46 | 00,001,928 | ---- | C] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk
[2009/10/27 23:02:22 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/25 17:52:58 | 00,086,738 | ---- | C] () -- C:\Users\Chae Eun\Desktop\138.jpg
[2009/10/24 10:37:09 | 00,413,025 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg
[2009/10/24 10:37:08 | 00,393,399 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg
[2009/10/24 10:37:07 | 00,444,101 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg
[2009/10/24 10:37:07 | 00,353,909 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg
[2009/10/22 19:35:32 | 00,016,528 | ---- | C] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx
[2009/10/22 19:35:32 | 00,012,689 | ---- | C] () -- C:\Users\Chae Eun\Desktop\final essay.docx
[2009/10/21 13:24:16 | 00,460,172 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg
[2009/10/18 18:25:10 | 00,013,880 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm.docx
[2009/10/18 18:18:28 | 00,011,284 | ---- | C] () -- C:\Users\Chae Eun\Documents\timmmmm..docx
[2009/10/18 14:41:47 | 98,750,464 | ---- | C] () -- C:\Users\Chae Eun\Documents\Produce.wmv
[2009/10/13 12:27:32 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 12:27:02 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 12:26:53 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 12:26:51 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 12:26:50 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 12:26:50 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 12:26:50 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 12:26:49 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 12:26:49 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 12:26:48 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 12:26:47 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 12:26:46 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 12:26:46 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 12:26:46 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 12:26:46 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 12:26:45 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 12:26:44 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 12:26:44 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 12:26:44 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 12:26:44 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 12:24:10 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 12:24:06 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 12:23:54 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/10 12:32:13 | 00,408,430 | ---- | C] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg
[2009/10/07 20:25:16 | 00,326,343 | ---- | C] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma
[2009/08/29 15:57:59 | 00,000,137 | ---- | C] () -- C:\Windows\viet1000.ini
[2009/05/02 14:07:46 | 00,000,022 | ---- | C] () -- C:\Windows\SysWow64\win28c88_va.dll
[2009/05/02 14:06:51 | 00,974,848 | ---- | C] () -- C:\Windows\SysWow64\LtDlgRes14n.dll
[2009/04/13 11:11:44 | 00,000,680 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\d3d9caps.dat
[2009/04/13 10:32:42 | 00,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2009/04/11 15:27:39 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\FnF4.txt
[2009/04/11 12:52:42 | 00,667,648 | ---- | C] () -- C:\Windows\SysWow64\MRUpdate.dll
[2009/04/04 09:44:45 | 00,226,768 | ---- | C] () -- C:\Windows\SysWow64\MuzLyrcs.dll
[2009/04/04 09:44:45 | 00,034,256 | ---- | C] () -- C:\Windows\SysWow64\MzWhatImListen2.dll
[2009/03/03 14:14:31 | 00,000,237 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/03 08:21:58 | 00,492,256 | ---- | C] () -- C:\Windows\SysWow64\MelonWebPlayer.dll
[2009/02/28 14:42:01 | 00,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2009/02/28 14:12:13 | 00,213,072 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2009/02/28 14:12:12 | 02,433,024 | ---- | C] () -- C:\Windows\npdbplug.dll
[2009/02/08 10:09:31 | 00,004,112 | ---- | C] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat
[2009/02/08 02:47:00 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/06 11:57:02 | 00,028,160 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:00:32 | 02,305,259 | -H-- | C] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\QSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\DSwitch.txt
[2009/02/04 19:22:53 | 00,000,000 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\AtStart.txt
[2009/02/04 19:18:41 | 00,094,632 | ---- | C] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/15 20:32:49 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/15 20:32:38 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/15 20:32:01 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/15 20:30:19 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/15 20:27:39 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/22 23:03:19 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/22 22:52:09 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/22 22:48:54 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/22 22:46:28 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 16:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 16:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:34:27 | 00,000,180 | ---- | C] () -- C:\Windows\win.ini
[2006/09/29 15:22:28 | 00,393,216 | ---- | C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll
[2005/05/18 21:38:01 | 00,000,208 | ---- | C] () -- C:\Windows\SysWow64\NDMMUpdate.ini
[2005/04/18 19:57:57 | 00,262,253 | ---- | C] () -- C:\Windows\SysWow64\NDM_LP3000.dll
[2005/04/18 19:57:57 | 00,233,472 | ---- | C] () -- C:\Windows\SysWow64\MSNetSync.dll
[2005/04/18 19:57:57 | 00,131,072 | ---- | C] () -- C:\Windows\SysWow64\NDM_MPIO.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\STLicCheck.dll
[2005/04/18 19:57:57 | 00,126,976 | ---- | C] () -- C:\Windows\SysWow64\NetSync14xs.dll
[2005/04/18 19:57:57 | 00,122,880 | ---- | C] () -- C:\Windows\SysWow64\TS-200USB.dll
[2005/04/18 19:57:57 | 00,077,900 | ---- | C] () -- C:\Windows\SysWow64\NDM_DEVICE.dll
[2005/04/18 19:57:57 | 00,077,882 | ---- | C] () -- C:\Windows\SysWow64\NDM_TS-200.dll
[2005/04/18 19:57:57 | 00,073,839 | ---- | C] () -- C:\Windows\SysWow64\NDM_TC100.dll
[2005/04/18 19:57:57 | 00,073,728 | ---- | C] () -- C:\Windows\SysWow64\TCC730USB.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\USBDevice.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\TuneCaption.dll
[2005/04/18 19:57:57 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\NDM_NMP300RA.dll
[2005/04/18 19:57:57 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\WrapperCtl.dll
[2005/04/18 19:57:57 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\NED_v20.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NetSync_Dit.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDP_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDH_v13.dll
[2005/04/18 19:57:57 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\NEDdll.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\YariMediaDRM.dll
[2005/04/18 19:57:57 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\UsbDLL.dll
[2005/04/18 19:57:56 | 00,684,032 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005/04/18 19:57:56 | 00,192,616 | ---- | C] () -- C:\Windows\SysWow64\FlashCtl.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MASWizPC.dll
[2005/04/18 19:57:56 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\DitDrm.dll
[2005/04/18 19:57:56 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\CTDRM.dll
[2005/04/18 19:57:56 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\FileTransfer.dll
[2005/02/16 03:55:25 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\akrip.dll
[2005/01/27 00:20:10 | 00,099,840 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.vbs /s /md5 >
[disable.vbs : MD5=66ECFF0FCBCD03251EB2E51815268C25] -> [2008/03/18 04:35:00 | 00,000,181 | ---- | M] () -- C:\Program Files (x86)\Realtek\VISTA_8169\disable.vbs
[enable.vbs : MD5=5D7F56641938468476433111BFC5DD4C] -> [2008/03/18 04:35:00 | 00,000,182 | ---- | M] () -- C:\Program Files (x86)\Realtek\VISTA_8169\enable.vbs
[Setup.vbs : MD5=32E9A26347669DDAC2B92DCDF6E8403F] -> [2008/08/15 07:15:20 | 00,000,128 | ---- | M] () -- C:\SWSETUP\ESUVT\Setup.vbs
[FUBID.vbs : MD5=F53DFF5424B0CF6E0B660687FDCCEB67] -> [2008/03/17 21:36:50 | 00,004,138 | ---- | M] () -- C:\System.sav\Util\FUBID.vbs
[Logo.vbs : MD5=7B31788E46CB323D6FAE64A43C97067B] -> [2007/12/12 01:44:02 | 00,009,515 | ---- | M] () -- C:\System.sav\Util\Logo.vbs
[MBRINST.VBS : MD5=B2F32672C2CC13E41EE930B5B29F03C8] -> [2007/12/19 23:40:20 | 00,005,409 | ---- | M] () -- C:\System.sav\Util\MBRINST.VBS
[RWUCINI.VBS : MD5=E44E88808C215EFFD2547BEA13D3F0CF] -> [2008/07/17 03:01:26 | 00,005,300 | ---- | M] () -- C:\System.sav\Util\RWUCINI.VBS
[Replace.vbs : MD5=883968D43EB61ED8FD359B5AD8AB4588] -> [2008/01/28 05:50:54 | 00,000,477 | ---- | M] () -- C:\System.sav\Util\TDC\Replace.vbs
[slmgr.vbs : MD5=BCDBB5CEA1E8AEA0FA353691EB003728] -> [2009/02/18 08:41:13 | 00,092,918 | ---- | M] () -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6002.18005_none_23541afe1d637c0d\slmgr.vbs
[slmgr.vbs : MD5=BCDBB5CEA1E8AEA0FA353691EB003728] -> [2009/02/18 08:39:57 | 00,092,918 | ---- | M] () -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6002.18005_none_c7357f7a65060ad7\slmgr.vbs
[slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 | 00,080,047 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 | 00,195,122 | ---- | M] () -- C:\Windows\SysWow64\winrm.vbs
[prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 | 00,105,940 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prncnfg.vbs
[prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 | 00,051,312 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prndrvr.vbs
[prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 | 00,069,882 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnjobs.vbs
[prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 | 00,081,048 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnmngr.vbs
[prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 | 00,056,756 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnport.vbs
[prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 | 00,051,462 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnqctl.vbs
[pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 | 00,007,418 | ---- | M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\pubprn.vbs
[slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 | 00,080,047 | ---- | M] () -- C:\Windows\SysWOW64\slmgr.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 | 00,195,122 | ---- | M] () -- C:\Windows\SysWOW64\winrm.vbs
[prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 | 00,105,940 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs
[prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 | 00,051,312 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs
[prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 | 00,069,882 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs
[prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 | 00,081,048 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs
[prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 | 00,056,756 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs
[prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 | 00,051,462 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs
[pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 | 00,007,418 | ---- | M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs
[gatherWiredInfo.vbs : MD5=4599D028A0CA8B54555CF72345940B45] -> [2008/01/20 16:48:38 | 00,012,198 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_c78aaa4c2be1bd30\gatherWiredInfo.vbs
[gatherWiredInfo.vbs : MD5=4599D028A0CA8B54555CF72345940B45] -> [2008/01/20 16:48:38 | 00,012,198 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6002.18005_none_c97623582903887c\gatherWiredInfo.vbs
[adsutil.vbs : MD5=9652B69927FBA64B582CA6FB5C53B8C8] -> [2006/11/02 05:05:10 | 00,098,133 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\adsutil.vbs
[clusftp.vbs : MD5=18DBFEFFB9EE49928B9A712338CA2161] -> [2006/11/02 05:05:11 | 00,004,346 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\clusftp.vbs
[clusweb.vbs : MD5=00A7EB49FF5B094D3946A241923B248E] -> [2006/11/02 05:05:10 | 00,004,341 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\clusweb.vbs
[IIsExt.vbs : MD5=DEA7216F6BF353030BC7FE18E98CEE99] -> [2006/11/02 05:05:11 | 00,041,401 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\IIsExt.vbs
[iisswtch.vbs : MD5=6147127ED9AFBFC853B8978F83724BC2] -> [2008/01/20 16:51:28 | 00,012,796 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\iisswtch.vbs
[prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:04 | 00,105,940 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prncnfg.vbs
[prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:03 | 00,051,312 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prndrvr.vbs
[prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:03 | 00,069,882 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnjobs.vbs
[prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:03 | 00,081,048 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnmngr.vbs
[prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:04 | 00,056,756 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnport.vbs
[prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:04 | 00,051,462 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnqctl.vbs
[pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:03 | 00,007,418 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\pubprn.vbs
[slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:48:26 | 00,080,047 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6001.18000_none_2168a1f22041b0c1\slmgr.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:22 | 00,195,122 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_268410e365653d8b\winrm.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:22 | 00,195,122 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6002.18005_none_286f89ef628708d7\winrm.vbs
[gatherWirelessInfo.vbs : MD5=6FC460B97C3C936CFD4C4B6860A611E6] -> [2009/04/02 09:46:59 | 00,014,827 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_f62a24c4c05a40af\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=6FC460B97C3C936CFD4C4B6860A611E6] -> [2009/04/01 06:31:14 | 00,014,827 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_f6b1991dd979e10d\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18000_none_f862ddd6bd43926e\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_f8146492bd7d36fc\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_f8b3a31bd68a9c0b\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_fa4e56e2ba655dba\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_fa0c7710ba96ec09\gatherWirelessInfo.vbs
[gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 | 00,015,181 | ---- | M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_fa8742c7d3c04268\gatherWirelessInfo.vbs
[clusftp.vbs : MD5=18DBFEFFB9EE49928B9A712338CA2161] -> [2006/11/02 05:05:14 | 00,004,346 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\clusftp.vbs
[clusweb.vbs : MD5=00A7EB49FF5B094D3946A241923B248E] -> [2006/11/02 05:05:14 | 00,004,341 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\clusweb.vbs
[IIsExt.vbs : MD5=DEA7216F6BF353030BC7FE18E98CEE99] -> [2006/11/02 05:05:14 | 00,041,401 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\IIsExt.vbs
[iisswtch.vbs : MD5=6147127ED9AFBFC853B8978F83724BC2] -> [2008/01/20 16:51:28 | 00,012,796 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\iisswtch.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 | 00,195,122 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_30d8bb3599c5ff86\winrm.vbs
[winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 | 00,195,122 | ---- | M] () -- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6002.18005_none_32c4344196e7cad2\winrm.vbs
[prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 | 00,105,940 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prncnfg.vbs
[prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 | 00,051,312 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prndrvr.vbs
[prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 | 00,069,882 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnjobs.vbs
[prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 | 00,081,048 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnmngr.vbs
[prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 | 00,056,756 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnport.vbs
[prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 | 00,051,462 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnqctl.vbs
[pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 | 00,007,418 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\pubprn.vbs
[slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 | 00,080,047 | ---- | M] () -- C:\Windows\winsxs\x86_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6001.18000_none_c54a066e67e43f8b\slmgr.vbs

< C:\windows\system32\drivers\*.sys /md5 >
[mbam.sys : MD5=85B75DBE230073C805AD0F0635D6662C] -> [2009/04/06 09:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[mbamswissarmy.sys : MD5=00C4A0992D4EA5520AC12DB4FD11C3E3] -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[pxhelp20.sys : MD5=49452BFCEC22F36A7A9B9C2181BC3042] -> [2008/11/20 09:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\SysWow64\drivers\pxhelp20.sys

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[EventLog.dll : MD5=C2A279A458A06DE2C83D842AA042B5A8] -> [2007/05/17 18:34:04 | 00,007,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=9922ADB6DCA8F0F5EA038BEFF339C08B] -> [2009/04/10 21:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[scecli.dll : MD5=8FC182167381E9915651267044105EE1] -> [2009/04/10 20:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\scecli.dll
[scecli.dll : MD5=35F1DD99F9903BC267C2AF16B09F9BF7] -> [2008/01/20 16:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=A3F1B171702CA04744EE514243B45BFB] -> [2009/04/10 21:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE] -> [2009/04/10 20:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll
[netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netlogon.dll
[netlogon.dll : MD5=5D0A4891F8CD0E9E64FF57A6A34044F5] -> [2008/01/20 16:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cngaudit.dll
[cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cngaudit.dll
[cngaudit.dll : MD5=21322B1A2AD337C579F4A65EA0D25193] -> [2006/11/02 01:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[nvstor.sys : MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA] -> [2008/01/20 16:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=E68D9B3A3905619732F7FE039466A623] -> [2009/04/10 21:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[atapi.sys : MD5=35137384FFB6FB4B4C3063CEB5DB34BE] -> [2008/10/22 21:46:45 | 00,022,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[atapi.sys : MD5=1898FAE8E07D97F2F6C2D5326C633FAC] -> [2008/01/20 16:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[atapi.sys : MD5=B388797CAAB36D523840347CC6A39B96] -> [2008/10/22 21:46:44 | 00,022,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[AGP440.sys : MD5=F6F6793B7F17B550ECFDBD3B229173F7] -> [2008/01/20 16:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[AGP440.sys : MD5=F6F6793B7F17B550ECFDBD3B229173F7] -> [2008/01/20 16:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %TEMP%\*.* >
[2009/11/05 07:06:18 | 00,031,832 | ---- | M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\Chae Eun.bmp
[2009/11/05 07:06:21 | 00,000,002 | ---- | M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\ehmsas.txt
[2009/11/05 07:11:42 | 00,000,524 | ---- | M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\jusched.log
[3 C:\Users\CHAEEU~1\AppData\Local\Temp\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Users\All Users\Temp:182E7BAA
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:182E7BAA
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\yoomin.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\Untitled (5).wma.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\merryxmas.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\lookanh.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\jasmine.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\heyasan.wav:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\Users\All Users\Temp:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Users\All Users\Temp:50D4F48C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:50D4F48C
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:74D9C82E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:74D9C82E

========== Files - Unicode (All) ==========
[2009/05/25 08:51:27 | 00,001,863 | ---- | M] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
[2009/05/25 08:51:27 | 00,001,863 | ---- | C] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition ľ Season 2.lnk
< End of report >

#15 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 20,644 posts
  • MVP

Posted 05 November 2009 - 07:32 PM

Hi,
What is this file> Do you recognize it?

C:\Users\Public\Desktop\Audition ? Season 2.lnk

Please do the following:

CKScanner
Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Advertisement

    Register to Remove




Similar Topics: [Resolved]áComputer calling me a loser ><;;     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users