Here's the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 16:08:39
Windows 6.0.6001 Service Pack 1
Running: hpit2mlr.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapob.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\fastfat \Fat 8C2F3A7A
Device \FileSystem\fastfat \Fat 8C3055F4
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2da874e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2da874e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2da874e (not active ControlSet)
---- EOF - GMER 1.0.15 ----
And here's the OTL.txt:
OTL logfile created on: 21/6/2010 2:10:34 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 79.25 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.07 Gb Free Space | 20.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Program Files\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)
========== Modules (SafeList) ==========
MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (NMIndexingService) -- File not found
SRV - (AcronisOSSReinstallSvc) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (vvdsvc) -- C:\Program Files\StarTV\core\najia\vjocx.dll (南京纳加软件有限公司)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
========== Driver Services (SafeList) ==========
DRV - (GarenaPEngine) -- C:\Users\user\AppData\Local\Temp\DSI3303.tmp ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (9158CAP) -- C:\Windows\System32\drivers\9158cap.sys (http://www.9158.com)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.my180.com/Search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.my180.com/Search.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default ... l=en&s=gen
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.baidu.com/index.php?tn=avantcn_dg
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - C:\Program Files\StarTV\core\pipi\JfCheck.dll (PIPI Tech.)
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: sidebarBookmarkSelector@alice:2.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.4.2
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.5
FF - prefs.js..extensions.enabledItems: easelink@ashi.cn:1.0.2.3
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: resizeit@sonej:3.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"
FF - prefs.js..network.proxy.http: "219.93.178.162 "
FF - prefs.js..network.proxy.http_port: 3128
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/16 17:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/16 17:57:13 | 000,000,000 | ---D | M]
[2009/06/03 17:41:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/06/20 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions
[2010/06/07 17:38:13 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/24 05:25:47 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2010/05/06 16:13:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 16:47:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/07/01 15:16:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(230)
[2010/05/06 16:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/24 12:57:03 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/01/27 08:42:13 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2010/06/05 05:59:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/27 10:25:53 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/03/12 18:53:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\easelink@ashi.cn
[2010/04/25 15:32:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\foxyproxy-basic@eric.h.jung-trash
[2010/05/01 01:57:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\resizeit@sonej
[2009/11/10 12:51:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\sidebarBookmarkSelector@alice
[2010/05/22 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\dlpr6r4t.default\extensions\SkipScreen@SkipScreen
[2009/12/28 17:31:18 | 000,000,938 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\facebook.xml
[2009/08/15 20:50:35 | 000,004,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\google-images.xml
[2009/08/15 20:49:56 | 000,001,512 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\imdb.xml
[2009/06/13 04:25:23 | 000,002,298 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\lastfm.xml
[2009/06/03 22:43:26 | 000,004,140 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\dlpr6r4t.default\searchplugins\youtube.xml
[2010/06/20 23:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 06:47:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/25 10:59:16 | 000,253,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\CheckTudouVa.dll
[2010/02/05 14:50:28 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/06/10 22:42:18 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebThunder Browser Helper) - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - Reg Error: Value error. File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (QvodExtend) - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\Common Files\System\Extend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (ToolbarBrowserHelper Class) - {D2F8A635-8B0F-47BF-915E-6F456767A300} - C:\Program Files\Thunder Network\MiniThunder\ToolBarNow.dll (深圳市迅雷网络技术有限公司)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Window Hide Tool.lnk = C:\Program Files\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: 使用光影编辑和美化 - C:\Program Files\nEO iMAGING\NeoOpenNeo.htm ()
O8 - Extra context menu item: 使用迷你迅雷下载 - C:\Program Files\Thunder Network\MiniThunder\geturl.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/ ... ontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {39B15A4A-8C87-43B7-9859-E98F429DDEBB} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AF2C392C-AC67-43E3-9B71-FAAF85C36892} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\Windows\system32\geBqNdbC) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\AutoRun\command - "" = MadFona.exe
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\explore\Command - "" = MadFona.exe
O33 - MountPoints2\{1920e0bf-5f8c-11dd-aac1-001ec9089b10}\Shell\open\Command - "" = MadFona.exe
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\AutoRun\command - "" = flash.exe D:\
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\Explore\command - "" = flash.exe D:\
O33 - MountPoints2\{2e89beaa-0621-11de-bf83-001ec9089b10}\Shell\Open\command - "" = flash.exe D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/06/21 14:08:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/06/21 00:49:47 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/06/21 00:45:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Template
[2010/06/21 00:35:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/18 22:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/06/18 14:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2010/06/16 18:11:17 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/16 18:11:17 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/16 18:11:17 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/16 18:11:12 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/06/16 18:11:12 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2010/06/16 18:11:12 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2010/06/16 18:11:12 | 000,217,088 | ---- | C] (http://www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/06/16 18:11:12 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2010/06/16 18:11:11 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/06/16 18:11:11 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/06/16 18:11:11 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\I263_32.drv
[2010/06/16 18:11:10 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/06/16 18:11:10 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/06/16 18:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/06/16 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2010/06/16 13:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/06/12 20:04:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Tencent
[2010/06/12 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PPLive
[2010/06/12 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PIPI
[2010/06/12 08:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2010/06/11 13:56:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2010/06/11 13:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/10 16:25:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/10 10:39:31 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010/06/09 22:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/09 19:39:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Player Classic
[2010/06/09 13:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/06/07 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/06/07 19:44:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/07 19:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 19:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/07 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/06/06 18:03:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Death_Aboard_II_V1
[2010/06/04 22:18:58 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdoclc.dll
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\tools
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\StarTV
[2010/06/04 22:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\core
[2010/06/04 22:18:19 | 000,066,896 | ---- | C] (ft) -- C:\Windows\System32\FT_ET99_API.dll
[2010/06/03 09:19:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\FastStone
[2010/06/03 09:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2010/06/03 08:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\FotoSketcher
[2010/06/01 22:46:15 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/06/01 20:32:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\YCanPDF
[2010/06/01 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\PDF OCR
[2010/05/31 20:42:08 | 000,032,768 | ---- | C] (Shine) -- C:\Windows\System32\mydownload.ocx
[2010/05/31 20:42:06 | 000,577,536 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax
[2010/05/31 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\iToolSoft Software
[2010/05/31 06:29:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/29 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Null DC 1.6
[2010/05/29 06:03:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PPStream
[2010/05/29 06:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\PPS.tv
[2010/05/28 19:55:39 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\AnyBizSoft PDF to PowerPoint
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/21 14:10:09 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81A76683-2D7E-4FFC-996D-F04B3F4A2DC7}.job
[2010/06/21 14:09:58 | 008,388,608 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010/06/21 14:09:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/06/21 14:08:17 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 14:08:17 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 14:08:17 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 14:03:58 | 000,181,067 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/21 14:03:58 | 000,181,067 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/21 14:03:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 14:03:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 14:03:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 14:03:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 14:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 14:03:27 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 06:11:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{e9b5cc02-078e-11df-bcf0-001ec9015298}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 06:11:13 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{e9b5cc02-078e-11df-bcf0-001ec9015298}.TM.blf
[2010/06/21 06:10:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/21 06:10:44 | 006,291,456 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010/06/21 06:10:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/06/21 05:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 05:09:16 | 000,090,624 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 00:45:20 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2010/06/21 00:44:11 | 001,730,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/21 00:42:31 | 000,104,712 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/21 00:35:30 | 000,001,075 | ---- | M] () -- C:\Windows\win.ini
[2010/06/20 17:39:29 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/06/18 14:45:07 | 000,001,289 | ---- | M] () -- C:\Windows\psnetwork.ini
[2010/06/18 14:45:06 | 000,000,373 | ---- | M] () -- C:\Windows\powerplayer.ini
[2010/06/18 14:38:16 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
[2010/06/13 21:07:37 | 000,000,013 | ---- | M] () -- C:\Windows\msgtn.ini
[2010/06/12 20:04:35 | 000,000,087 | ---- | M] () -- C:\Windows\user.ini
[2010/06/10 22:42:18 | 000,000,789 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/09 22:29:06 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/06/09 14:18:06 | 000,000,221 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/07 17:17:55 | 008,388,608 | -HS- | M] () -- C:\Users\user\ntuser.dat_previous
[2010/06/05 16:38:18 | 000,000,863 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/06/04 14:54:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/06/04 03:52:41 | 000,000,019 | ---- | M] () -- C:\Windows\powerlist.ini
[2010/06/03 15:53:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/06/03 15:53:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/06/02 16:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/02 16:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/02 16:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/02 16:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/02 16:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/06/01 22:46:15 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/05/31 21:05:54 | 000,000,125 | ---- | M] () -- C:\Windows\iToolSoft PPT To Video.ini
[2010/05/31 21:05:54 | 000,000,116 | ---- | M] () -- C:\Windows\pro iToolSoft PPT To Video.ini
[2010/05/31 20:43:11 | 000,000,001 | ---- | M] () -- C:\Windows\System32\iToolSoft PPT To Video.dat
[2010/05/30 13:48:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/29 06:05:45 | 000,000,043 | ---- | M] () -- C:\Windows\PPSMediaList.ini
[2010/05/27 19:31:22 | 000,003,892 | ---- | M] () -- C:\Windows\System32\prfcg0804
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/21 05:10:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/06/21 00:45:20 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2010/06/16 18:11:14 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/16 18:11:12 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/06/16 18:11:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/16 18:11:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/16 18:11:10 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/16 18:11:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/06/12 20:04:35 | 000,000,087 | ---- | C] () -- C:\Windows\user.ini
[2010/06/10 22:43:16 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/09 13:39:05 | 000,000,221 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/05 16:38:18 | 000,000,863 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/06/05 05:48:17 | 1073,741,824 | ---- | C] () -- C:\ppsds.pgf
[2010/06/04 22:18:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\et99_full.dll
[2010/06/04 12:55:04 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/06/04 03:52:41 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/06/04 03:52:41 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2010/06/04 01:05:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ET99_MOD.dll
[2010/06/04 01:05:49 | 000,000,135 | ---- | C] () -- C:\Windows\System32\b.bat
[2010/06/03 21:08:35 | 000,001,289 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/06/03 12:53:18 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/06/03 12:53:17 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/05/31 20:43:10 | 000,000,125 | ---- | C] () -- C:\Windows\iToolSoft PPT To Video.ini
[2010/05/31 20:43:10 | 000,000,116 | ---- | C] () -- C:\Windows\pro iToolSoft PPT To Video.ini
[2010/05/31 20:42:38 | 000,000,001 | ---- | C] () -- C:\Windows\System32\iToolSoft PPT To Video.dat
[2010/05/31 20:42:08 | 000,002,407 | ---- | C] () -- C:\Windows\System32\MSINET.DEP
[2010/05/31 00:39:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/05/30 09:48:28 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/05/29 06:05:54 | 000,000,373 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/05/29 06:05:45 | 000,000,043 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2010/05/27 19:31:22 | 000,003,892 | ---- | C] () -- C:\Windows\System32\prfcg0804
[2010/05/22 22:25:49 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 22:25:47 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 01:51:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/15 00:23:05 | 000,114,688 | ---- | C] () -- C:\Windows\9158ADSP.DLL
[2010/02/15 00:23:04 | 000,118,784 | ---- | C] () -- C:\Windows\9158DSP.DLL
[2009/11/01 15:31:01 | 000,000,055 | ---- | C] () -- C:\Windows\WinWSD.INI
[2009/10/15 00:01:23 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/10/07 21:32:22 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/10/04 01:36:01 | 006,021,120 | ---- | C] () -- C:\Windows\System32\common_res.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/05/16 21:57:07 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/04/16 21:22:58 | 000,000,675 | ---- | C] () -- C:\Windows\langorig.ini
[2009/04/16 21:21:49 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/03/24 17:40:03 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/03/12 15:27:42 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/03/12 15:27:42 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009/03/12 15:27:42 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/03/12 15:27:42 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/12 15:27:42 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/03/12 15:27:42 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/03/12 15:27:42 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/03/12 15:27:42 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/03/12 15:27:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009/03/12 15:27:42 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/03/12 15:27:42 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/03/12 15:27:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/03/12 15:27:42 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009/03/12 15:27:42 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/03/12 15:27:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/03/12 15:27:42 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/03/12 15:27:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/01/04 03:45:59 | 000,000,028 | ---- | C] () -- C:\Windows\funshionplugin2.INI
[2008/12/31 17:04:42 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/12/31 03:32:04 | 000,000,089 | ---- | C] () -- C:\Windows\TeenSpirit.INI
[2008/12/18 19:11:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/02 17:10:32 | 000,000,241 | ---- | C] () -- C:\Windows\kaillera.ini
[2008/10/26 23:17:18 | 000,307,926 | -HS- | C] () -- C:\Windows\System32\CbdNqBeg.ini2
[2008/10/26 23:17:18 | 000,307,926 | -HS- | C] () -- C:\Windows\System32\CbdNqBeg.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/20 01:22:17 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/08/06 14:31:05 | 001,299,730 | -HS- | C] () -- C:\Windows\System32\thfwpdxe.ini
[2008/08/06 13:53:07 | 001,299,730 | -HS- | C] () -- C:\Windows\System32\xdeawwip.ini
[2008/08/05 00:37:48 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/04 21:42:35 | 001,301,858 | -HS- | C] () -- C:\Windows\System32\dgntrbje.ini
[2008/08/04 20:25:00 | 000,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2008/07/30 09:05:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/29 17:30:24 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/12/30 18:48:38 | 000,000,579 | ---- | C] () -- C:\Windows\powermp3cutterjoiner.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/01/12 11:08:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SafeIE.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >
Finally, here's the Extras log:
OTL Extras logfile created on: 21/6/2010 2:10:34 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 79.25 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.07 Gb Free Space | 20.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Universal Viewer] -- "C:\Program Files\Universal Viewer\Viewer.exe" "@@%1" (UVViewSoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1087390416-3780635448-2520622250-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{787508FE-1085-4D36-A41C-B771E89CA0DB}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{CE296F31-57AD-421A-9E16-C4AD5937F107}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10479E5C-2EC2-4A70-A816-4B0FF3D90FCD}_is1" = 3D Ebook Cover 1.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A6F734D-84CD-4472-877A-A070D76FAE74}_is1" = AnyBizSoft PDF to PowerPoint (Build 2.0.0)
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40DA1E98-DA56-46D6-85F8-74EB227D2030}_is1" = 赤道卫星电视
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 2.5.4)
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{645DEE8D-9C73-A3EE-A82F-1CF81C81F89C}" = Doomi
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"{C8F4904F-51F4-4312-BE64-FF1D23606E86}_is1" = Sothink Logo Maker
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCDE4A69-0A46-4CF2-93FA-096B60E31059}_is1" = Sublight (1.7.0)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 1.96
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google 地球
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced Video FX Engine" = Advanced Video FX Engine
"Animated Wallpaper Maker" = Animated Wallpaper Maker
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanMem" = CleanMem
"CleanMem1.3.0" = CleanMem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Doomi.809F847005C7832B69625A614BB25CA209244440.1" = Doomi
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"Firefox Preloader_is1" = Firefox Preloader
"Game Booster_is1" = Game Booster
"Garena" = Garena
"GoToAssist" = GoToAssist 8.0.0.514
"HD Tune Pro_is1" = HD Tune Pro 3.50
"iToolSoft PPT To Video_is1" = iToolSoft PPT To Video V3.1.1.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Lingoes Translator_is1" = Lingoes 2.6.2
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Cope_is1" = Media Cope 1.0
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MiniThunder3" = 迷你迅雷3
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyMediaBookmarks_is1" = MyMediaBookmarks
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Power MP3 Cutter Joiner_is1" = Power MP3 Cutter Joiner 1.12
"PPStream" = PPS影音 V2.6.86.9034 正式版
"RaySource" = RaySource 2.1.10.8366
"ShadowExplorer_is1" = ShadowExplorer 0.4
"Smart Defrag_is1" = Smart Defrag
"Songr" = Songr
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TTPlayer" = 千千静听 5.6正式版
"TVUPlayer" = TVUPlayer 2.4.8.2
"Universal Viewer" = Universal Viewer
"Unlocker" = Unlocker 1.8.7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Window Hide Tool_is1" = Window Hide Tool 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winning Eleven 9_is1" = Winning Eleven 9
"WinRAR archiver" = WinRAR archiver
"光影魔术手_is1" = 光影魔术手 3.1.2.101
"流星网络电视_is1" = 流星网络电视2.71.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1087390416-3780635448-2520622250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/7/2009 1:05:24 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 4/7/2009 10:07:38 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 4/7/2009 11:15:01 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2009 4:05:38 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2009 4:42:55 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2009 9:28:45 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/7/2009 3:50:26 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/7/2009 2:30:46 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/7/2009 1:29:55 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/7/2009 8:10:07 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application nfs.exe, version 1.0.0.1, time stamp 0x4903d933,
faulting module nfs.exe, version 1.0.0.1, time stamp 0x4903d933, exception code
0xc0000005, fault offset 0x00357dd9, process id 0xeb0, application start time 0x01c9fef821c82880.
[ Broadcom Wireless LAN Events ]
Error - 24/2/2010 12:40:20 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 12:40:20, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 24/2/2010 3:39:02 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 15:39:02, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 24/2/2010 11:57:03 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 23:57:03, Wed, Feb 24, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 25/2/2010 2:46:16 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 14:46:16, Thu, Feb 25, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 26/2/2010 2:33:02 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 14:33:02, Fri, Feb 26, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 28/2/2010 4:35:08 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 16:35:08, Sun, Feb 28, 10 Error - Unable to gain access to user store
Error - 11/5/2010 8:00:26 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 20:00:25, Tue, May 11, 10 Error - Unable to gain access to user store
Error - 12/5/2010 12:20:01 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 12:20:01, Wed, May 12, 10 Error - Unable to set country code, setting
code "ZZ" for an unknown region
Error - 7/6/2010 3:08:00 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 15:07:59, Mon, Jun 07, 10 Error - Unable to gain access to user store
Error - 20/6/2010 11:54:34 AM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 23:54:33, Sun, Jun 20, 10 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 19/5/2010 10:03:22 AM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 21/6/2010 2:03:25 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 21/6/2010 2:03:31 AM | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21/6/2010 2:05:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
[ TuneUp Events ]
Error - 14/4/2009 9:43:47 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 14/4/2009 10:55:08 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 14/4/2009 10:55:25 PM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 14/4/2009 10:57:25 PM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 15/4/2009 1:17:27 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 16/4/2009 2:51:57 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 16/4/2009 10:16:00 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 22/5/2009 3:23:06 AM | Computer Name = user-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >