
Unknown Infection


12 replies to this topic

#1 Michael_SB


Posted 29 September 2010 - 04:30 AM

Help! Subject of unknown virus attack trying to run software on my computer.

I got some unknown infection which produced the above messages this morning, when trying to play music files I'd received from a friend.




Malwarebytes didn't get any results.

I then found Firefox had an unrequested add-on, called XUL runner, which I couldn't disable except in safe mode, and couldn't uninstall without deleting a registry entry. Those are now gone.

Sophos got the following:



I can't do a GMER scan however, as I'm using Win 7 64-bit Ultimate. DDS log is below, and ATTACH.txt is attached.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Xuyuan at 9:55:16.30 on 29/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.950.886.1033.18.3838.925 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Windows\Xerox\PanelMgr\SSMMgr.exe
C:\Windows\Xerox\PanelMgr\caller64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Inventec\Dreye\Dreye.exe
C:\Program Files (x86)\Inventec\Dreye\Peadict\Dict.exe
C:\Program Files (x86)\Inventec\Dreye\PeaDict\Api\DreyeEng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\regedit.exe
C:\Users\Xuyuan\Desktop\Virus Softwares\ATF-Cleaner.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Xuyuan\Desktop\Virus Softwares\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.bing.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d-3926ce38913f} - c:\program files (x86)\inventec\dreye\dreyemt\DreyeIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [AnyDVD] c:\program files (x86)\slysoft\anydvd\AnyDVD.exe
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [FaultrepDataCollectionInProc] regsvr32 /s /u "c:\users\xuyuan\appdata\local\faultrepdatacollectioninproc\FaultrepDataCollectionInProc.dll"
mRun: [FAStartup]
mRun: [dellsupportcenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IME14 CHT Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [IMDreyePlugin] "c:\program files (x86)\inventec\dreye\dreyemt\DreyeIMplugin.exe" /h
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [Xerox PanelMgr] c:\windows\xerox\panelmgr\SSMMgr.exe /autorun
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\xuyuan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\xmlbar\youku downloader\YoukuDownloader(xmlbar).exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: 94F454C49424 = 168.95.1.1,192.168.4.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\GROOVEEX.DLL
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun-x64: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun-x64: [IME14 CHT Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun-x64: [IME14 JPN Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun-x64: [IME14 KOR Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun-x64: [IME14 CHS Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
AppInit_DLLs-X64: acaptuser64.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\xuyuan\appdata\roaming\mozilla\firefox\profiles\409nch2r.default\
FF - prefs.js: network.proxy.http - 195.37.16.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files (x86)\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 bftpdskc64;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc64.sys [2010-9-21 67712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-26 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-1-22 55280]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-1-20 83312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-1-22 689472]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys [2010-9-21 16000]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\drivers\bcmvwl64.sys [2010-7-29 20984]
R3 bftpusbx64;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx64.sys [2010-9-21 20608]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-22 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-22 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-23 132656]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 69736]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-1-22 84512]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-8-21 25832]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 238848]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-15 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-6 704864]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A20E.tmp [2010-9-29 6144]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\dellsu~1\hwdiag\bin\PCD5SRVC_x64.pkms [2008-11-5 28152]
S3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\dell\dellcomms\bin\sprtsvc.exe [2009-5-5 206064]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-1 1255736]
S4 McProxy;McAfee Proxy Service;c:\program files (x86)\common files\mcafee\mcproxy\McProxy.exe [2010-1-22 359952]

=============== Created Last 30 ================

2010-09-29 01:13:28 6144 ------w- c:\windows\system32\A20E.tmp
2010-09-29 01:12:24 6144 ------w- c:\windows\system32\A8F0.tmp
2010-09-28 13:32:20 0 dc----w- c:\users\xuyuan\Citrix
2010-09-27 08:35:36 6144 ------w- c:\windows\system32\A98F.tmp
2010-09-27 08:33:28 6144 ------w- c:\windows\system32\B84D.tmp
2010-09-27 08:32:27 0 d-----w- c:\program files (x86)\Sophos
2010-09-26 22:45:23 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-26 11:59:34 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-26 11:52:26 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-26 11:51:56 0 d-----w- c:\programdata\Lavasoft
2010-09-26 11:51:56 0 d-----w- c:\program files (x86)\Lavasoft
2010-09-26 11:36:23 35552200 ----a-w- c:\windows\syswow64\MRT.exe
2010-09-24 08:56:20 0 d-----w- c:\users\xuyuan\appdata\roaming\TeamViewer
2010-09-24 07:32:21 5120 ----a-w- c:\users\xuyuan\appdata\roaming\409nch2r.default.dat
2010-09-24 05:31:49 0 d-----w- c:\users\xuyuan\appdata\roaming\Malwarebytes
2010-09-24 05:31:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 05:31:39 0 d-----w- c:\programdata\Malwarebytes
2010-09-24 05:31:39 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-24 01:45:19 0 d-----w- c:\users\xuyuan\appdata\roaming\UAs
2010-09-23 22:30:41 0 d-----w- c:\users\xuyuan\appdata\roaming\xmldm
2010-09-23 13:06:58 0 d-----w- c:\programdata\Ultralingua7
2010-09-23 13:06:49 0 d-----w- c:\program files (x86)\Ultralingua
2010-09-21 13:30:11 67712 ----a-w- c:\windows\system32\drivers\bftpdskc64.sys
2010-09-21 13:30:11 20608 ----a-w- c:\windows\system32\drivers\bftpusbx64.sys
2010-09-21 13:30:10 382328 ----a-w- c:\windows\UN091111.EXE
2010-09-21 13:30:10 14064 ----a-w- c:\windows\UN091111.INI
2010-09-21 13:29:50 390520 ----a-w- c:\windows\UN091114.EXE
2010-09-21 13:29:50 11878 ----a-w- c:\windows\UN091114.INI
2010-09-21 13:26:42 16000 ----a-w- c:\windows\system32\drivers\bautpw64.sys
2010-09-21 13:26:41 382328 ----a-w- c:\windows\UN080616.EXE
2010-09-21 13:26:41 12049 ----a-w- c:\windows\UN080616.INI
2010-09-21 13:26:39 0 d-----w- c:\program files (x86)\BUFFALO
2010-09-16 08:31:37 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 12:32:35 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-11 00:27:41 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-09-02 05:37:49 0 d-----w- C:\Temp
2010-08-31 13:48:53 0 d-----w- c:\program files (x86)\Aspyr

==================== Find3M ====================

2010-09-28 19:36:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-09-26 12:01:38 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-08-21 16:07:12 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-08-21 16:07:12 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-08-21 16:07:12 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-08-02 19:49:09 13160 ----a-w- c:\windows\syswow64\Upgrd.exe
2010-08-02 19:49:02 57752 ------w- c:\windows\syswow64\rpcnet.exe
2010-08-02 19:46:07 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-08-02 19:45:38 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-07-29 07:56:19 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-22 04:22:38 75 --sha-r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:56:00.33 ===============

While backing up with Cobian (as per forum recommendations - I know, I'm backing up an infected hard drive, but I'll redo the backup once clean), I came across the following error:

ERR 2010-09-29 11:16 An error occurred while compressing the file "GLOBALROOT\Device\HarddiskVolumeShadowCopy24\hiberfil.sys": Cannot open file "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy24\hiberfil.sys" - Native error: 00033

Also, here is the HijackThis log. I notice people don't use HijackThis anymore; why's that?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:02, on 29/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Windows\Xerox\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files (x86)\Inventec\Dreye\Dreye.exe
C:\Program Files (x86)\Inventec\Dreye\Peadict\Dict.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
O4 - HKLM\..\Run: [IME14 CHS Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe" /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [FaultrepDataCollectionInProc] regsvr32 /s /u "C:\Users\Xuyuan\AppData\Local\FaultrepDataCollectionInProc\FaultrepDataCollectionInProc.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Run YoukuDownloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe (file missing)
O9 - Extra 'Tools' menuitem: Youku Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 15377 bytes

Edited by hamluis, 29 September 2010 - 03:56 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 PM

Posted 03 October 2010 - 02:50 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 users: please right-click and run as Admin all programs that I ask you to run.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Michael_SB


Posted 08 October 2010 - 01:45 AM

Hi Gringo;

Have posted repeatedly the past 24 hrs, and keep getting the following response:

Request Entity Too Large
The requested resource
/forums/index.php
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

Can't seem to post with the attachments. Any suggestions?

Edited by Michael_SB, 08 October 2010 - 01:46 AM.


#4 gringo_pr


Posted 08 October 2010 - 01:51 AM

hello

upload it here - http://www.mediafire.com/ and send me the link


Gringo

#5 gringo_pr


Posted 10 October 2010 - 11:27 PM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo


#6 Michael_SB


Posted 13 October 2010 - 07:49 AM

Hi Gringo;

My apologies, I've been travelling in the hinterlands of Eastern Europe without internet access, which is why I've been so sporadic. Back now.

File uploaded, thanks for the reference to this site. Here are the links:

http://www.mediafire.com/?8avakp2rfx7cja5
http://www.mediafire.com/?apqcrdblg15rorr




#7 gringo_pr


Posted 13 October 2010 - 12:02 PM

OTL logfile created on: 13/10/2010 14:08:07 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Xuyuan\Desktop\Virus Softwares\Second Attack
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 246.79 Gb Total Space | 81.90 Gb Free Space | 33.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 204.28 Gb Total Space | 114.70 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
Drive F: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 555.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 356.82 Gb Free Space | 38.31% Space Free | Partition Type: NTFS
Drive J: | 465.65 Gb Total Space | 146.87 Gb Free Space | 31.54% Space Free | Partition Type: FAT32
Drive K: | 465.65 Gb Total Space | 103.74 Gb Free Space | 22.28% Space Free | Partition Type: FAT32
Drive L: | 7.41 Gb Total Space | 5.39 Gb Free Space | 72.68% Space Free | Partition Type: FAT32

Computer Name: LAPPIE
Current User Name: Xuyuan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/07 12:38:18 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Xuyuan\Desktop\Virus Softwares\Second Attack\OTL.exe
PRC - [2010/09/29 14:32:03 | 000,913,032 | ---- | M] (Lavasoft ) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
PRC - [2010/09/15 01:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 01:02:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/05 19:37:14 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/09/02 23:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 22:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/02 21:49:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/07/21 17:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/05/26 07:51:22 | 008,800,768 | ---- | M] (Thomson Reuters) -- C:\Program Files (x86)\EndNote X4\EndNote.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/01/22 07:33:05 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/17 12:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 12:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/14 03:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/07/08 14:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 14:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/06/09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 02:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 19:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/17 07:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 08:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/16 14:17:12 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
PRC - [2008/06/11 16:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/11/04 23:02:06 | 001,600,448 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2007/04/18 09:11:46 | 000,200,704 | ---- | M] (Inventec Online) -- C:\Program Files (x86)\Inventec\Dreye\Dreye.exe
PRC - [2007/03/20 13:42:12 | 000,368,640 | ---- | M] (Inventect Group) -- C:\Program Files (x86)\Inventec\Dreye\Peadict\dict.exe
PRC - [2007/02/24 12:10:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
PRC - [2005/02/17 01:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/10/07 12:38:18 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Xuyuan\Desktop\Virus Softwares\Second Attack\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 04:41:00 | 051,456,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2010/01/20 19:36:32 | 000,083,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE -- (ImeDictUpdateService)
SRV:64bit: - [2010/01/09 15:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2010/01/07 23:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 23:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/12/16 16:10:06 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/08/18 20:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/09/29 14:31:56 | 001,356,952 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/08/20 22:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/16 18:51:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/02 21:49:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/01/22 06:05:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/17 12:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 12:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 11:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/08/06 06:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/26 00:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 06:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 14:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 14:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/05/19 19:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/05 13:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
SRV - [2009/04/09 17:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/17 07:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 08:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2010/08/21 18:07:12 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/08/12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/07/29 21:41:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/13 03:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\E400.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/01/18 11:14:06 | 000,020,608 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bftpusbx64.sys -- (bftpusbx64)
DRV:64bit: - [2010/01/07 13:07:02 | 000,067,712 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bftpdskc64.sys -- (bftpdskc64)
DRV:64bit: - [2009/12/16 16:10:04 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 16:10:00 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/16 15:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/10/10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/25 14:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 14:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 14:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/21 07:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/06 07:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/10 19:12:32 | 000,016,000 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bautpw64.sys -- (bautpw64)
DRV:64bit: - [2009/07/09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 16:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 16:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 16:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 16:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/01 06:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/26 06:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/25 11:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 10:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 10:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 20:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008/09/25 04:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/10/30 16:11:32 | 000,110,016 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007/08/07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2006/11/01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/09/29 10:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101012.001\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 10:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101012.001\ENG64.SYS -- (NAVENG)
DRV - [2010/08/19 02:30:56 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/19 02:30:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/08/25 14:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 14:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 14:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2008/11/05 01:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})
DRV - [2007/10/30 16:11:32 | 000,110,016 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.0
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.2
FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.33
FF - prefs.js..network.proxy.http: " 195.37.16.152"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/24 11:23:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/13 11:24:12 | 000,000,000 | ---D | M]

[2010/07/29 09:33:43 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Extensions
[2010/10/09 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions
[2010/08/08 18:33:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/01 19:58:56 | 000,000,000 | ---D | M] (Multiproxy Switch) -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}
[2010/08/16 05:13:54 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/09/26 12:32:35 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions\foxmarks@kei.com
[2010/09/26 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\extensions\SQLiteManager@mrinalkant.blogspot.com
[2010/09/30 22:22:08 | 000,002,554 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\searchplugins\amazon-com.xml
[2010/08/15 17:49:53 | 000,001,679 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\searchplugins\thepiratebayorg.xml
[2010/09/24 11:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/16 03:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2004/11/04 10:56:50 | 001,482,752 | ---- | M] (LizardTech) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
[2010/09/14 23:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 23:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 23:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 23:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/29 18:07:39 | 000,420,665 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14505 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Dr.eye WebPage Translation) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IME14 CHS Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 CHT Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 JPN Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 KOR Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [IMDreyePlugin] C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe ()
O4 - HKLM..\Run: [IME14 CHS Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 CHT Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 JPN Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 KOR Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FaultrepDataCollectionInProc] File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Xuyuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: English<->German - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.HTM ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: English<->German - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.HTM ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run YoukuDownloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe File not found
O9 - Extra 'Tools' menuitem : Youku Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Youku Downloader\YoukuDownloader(xmlbar).exe File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: English<->German - {9A64FC4B-7139-594F-BB95-62943D7D7F03} - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.HTM ()
O9 - Extra 'Tools' menuitem : English<->German - {9A64FC4B-7139-594F-BB95-62943D7D7F03} - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.HTM ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/02 21:21:51 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/11/03 04:17:14 | 000,000,035 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3d8b4fd4-1ce6-11df-8e07-c417fe36ac6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8b4fd4-1ce6-11df-8e07-c417fe36ac6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{483a761e-1808-11df-b8d5-701a049c7437}\Shell - "" = AutoRun
O33 - MountPoints2\{483a761e-1808-11df-b8d5-701a049c7437}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9397b43d-cc31-11df-8bcf-d51af3a0fd6b}\Shell - "" = AutoRun
O33 - MountPoints2\{9397b43d-cc31-11df-8bcf-d51af3a0fd6b}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{cc867070-1cc2-11df-b93f-0026b91f220b}\Shell - "" = AutoRun
O33 - MountPoints2\{cc867070-1cc2-11df-b93f-0026b91f220b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: Symantec Antvirus - Service
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{F45B1CA9-3859-4215-B5F1-9528F743664E} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/13 12:46:27 | 000,000,000 | ---D | C] -- E:\My Documents\EndNote
[2010/10/13 11:23:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/06 10:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orange Internet
[2010/10/02 10:47:37 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Ectaco
[2010/10/02 10:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LingvoSoft
[2010/09/30 03:08:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/29 22:48:51 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/09/29 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/29 17:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/29 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Safe mirror
[2010/09/29 10:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2010/09/28 15:32:20 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Citrix
[2010/09/27 10:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/27 00:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/26 13:59:34 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/09/26 13:54:30 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Sunbelt Software
[2010/09/26 13:52:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/26 13:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/26 13:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/09/24 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Desktop\Virus Softwares
[2010/09/24 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\TeamViewer
[2010/09/24 07:31:49 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Malwarebytes
[2010/09/24 07:31:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/24 07:31:39 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/24 07:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/24 07:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/24 03:45:19 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\UAs
[2010/09/24 00:30:41 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\xmldm
[2010/09/24 00:24:54 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/23 15:07:09 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Ultralingua7
[2010/09/23 15:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultralingua7
[2010/09/23 15:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultralingua
[2010/09/23 15:06:38 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\FaultrepDataCollectionInProc
[2010/09/21 15:30:11 | 000,067,712 | ---- | C] (BUFFALO INC.) -- C:\Windows\SysNative\drivers\bftpdskc64.sys
[2010/09/21 15:30:11 | 000,020,608 | ---- | C] (BUFFALO INC.) -- C:\Windows\SysNative\drivers\bftpusbx64.sys
[2010/09/21 15:30:10 | 000,382,328 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091111.EXE
[2010/09/21 15:29:50 | 000,390,520 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091114.EXE
[2010/09/21 15:26:42 | 000,016,000 | ---- | C] (BUFFALO INC.) -- C:\Windows\SysNative\drivers\bautpw64.sys
[2010/09/21 15:26:41 | 000,382,328 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN080616.EXE
[2010/09/21 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BUFFALO
[2010/09/02 07:37:49 | 000,000,000 | ---D | C] -- C:\Temp
[2010/08/31 16:55:24 | 000,000,000 | ---D | C] -- E:\My Documents\Aspyr
[2010/08/31 15:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aspyr
[2010/08/31 15:41:03 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Aspyr
[2010/08/25 01:11:26 | 000,000,000 | ---D | C] -- E:\My Documents\Video Clips
[2010/08/24 21:10:36 | 000,000,000 | ---D | C] -- C:\Windows\Xerox
[2010/08/21 18:08:36 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Symantec
[2010/08/21 18:07:03 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/21 18:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/21 18:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/21 18:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/08/21 18:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/21 18:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/08/21 17:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2010/08/21 17:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/08/21 09:17:26 | 000,434,176 | ---- | C] (IES) -- C:\Windows\SysWow64\DreyeJP.ime
[2010/08/21 09:17:26 | 000,421,888 | ---- | C] (IES) -- C:\Windows\SysWow64\DreyeSC.ime
[2010/08/21 09:17:26 | 000,413,696 | ---- | C] (IES) -- C:\Windows\SysWow64\DreyeTC.ime
[2010/08/21 09:16:59 | 000,281,088 | ---- | C] (富士通株式会社) -- C:\Windows\SysWow64\F5BkLng.dll
[2010/08/21 09:16:59 | 000,080,384 | ---- | C] (富士通株式会社) -- C:\Windows\SysWow64\F5BkTts.dll
[2010/08/21 09:16:59 | 000,072,704 | ---- | C] (富士通株式会社) -- C:\Windows\SysWow64\F5BkSyn.dll
[2010/08/21 09:16:59 | 000,055,808 | ---- | C] (富士通株式会社) -- C:\Windows\SysWow64\F5BkOdg.dll
[2010/08/21 09:16:59 | 000,045,056 | ---- | C] (富士通株式会社) -- C:\Windows\SysWow64\F5BkTem.dll
[2010/08/19 16:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/08/19 16:21:51 | 000,000,000 | ---D | C] -- E:\My Documents\BioWare
[2010/08/19 16:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/08/19 16:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010/08/19 16:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/08/19 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/08/19 05:43:55 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\xrxo3ci.dll
[2010/08/19 05:43:53 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\xrxo3ci.exe
[2010/08/19 05:43:52 | 000,000,000 | ---D | C] -- C:\Windows\DRIVERS
[2010/08/19 05:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xerox
[2010/08/17 20:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2010/08/17 13:21:40 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\WinRAR
[2010/08/17 13:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/08/16 18:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/16 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/08/16 18:51:08 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\My Documents
[2010/08/16 14:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/16 06:35:35 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\dtSearch
[2010/08/16 06:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dtSearch
[2010/08/16 03:42:18 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Exalead
[2010/08/16 03:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exalead
[2010/08/16 02:36:37 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Google
[2010/08/16 02:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/16 01:57:33 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Favorites
[2010/08/15 19:11:10 | 000,000,000 | R--D | C] -- E:\My Documents\My Stationery
[2010/08/15 19:11:10 | 000,000,000 | ---D | C] -- E:\My Documents\OJOsoft Corporation
[2010/08/15 19:11:10 | 000,000,000 | ---D | C] -- E:\My Documents\Dell WebCam Central
[2010/08/15 19:11:10 | 000,000,000 | ---D | C] -- E:\My Documents\Bluetooth Exchange Folder
[2010/08/15 19:11:10 | 000,000,000 | ---D | C] -- E:\My Documents\AnyDVDHD
[2010/08/15 18:44:32 | 000,000,000 | ---D | C] -- E:\My Documents\Video
[2010/08/15 18:44:32 | 000,000,000 | ---D | C] -- E:\My Documents\My Google Gadgets
[2010/08/15 18:44:31 | 000,000,000 | ---D | C] -- E:\My Documents\Printing
[2010/08/15 18:44:31 | 000,000,000 | ---D | C] -- E:\My Documents\Planning
[2010/08/15 18:44:31 | 000,000,000 | ---D | C] -- E:\My Documents\Anthropology
[2010/08/15 18:44:30 | 000,000,000 | ---D | C] -- E:\My Documents\Telltale Games
[2010/08/15 18:44:27 | 000,000,000 | ---D | C] -- E:\My Documents\Podcasts
[2010/08/15 18:44:26 | 000,000,000 | ---D | C] -- E:\My Documents\My Dropbox
[2010/08/15 18:44:17 | 000,000,000 | ---D | C] -- E:\My Documents\Journal Texts
[2010/08/15 18:44:16 | 000,000,000 | ---D | C] -- E:\My Documents\IASTAM
[2010/08/15 18:44:16 | 000,000,000 | ---D | C] -- E:\My Documents\Groove Workspace Templates
[2010/08/15 18:44:15 | 000,000,000 | ---D | C] -- E:\My Documents\Grants
[2010/08/15 18:44:15 | 000,000,000 | ---D | C] -- E:\My Documents\Google Earth
[2010/08/15 18:44:15 | 000,000,000 | ---D | C] -- E:\My Documents\Geography
[2010/08/15 18:44:09 | 000,000,000 | ---D | C] -- E:\My Documents\Finances
[2010/08/15 18:44:09 | 000,000,000 | ---D | C] -- E:\My Documents\Fantasy Novels
[2010/08/15 18:44:08 | 000,000,000 | ---D | C] -- E:\My Documents\Events
[2010/08/15 18:39:26 | 000,000,000 | ---D | C] -- E:\My Documents\Ethnography
[2010/08/15 18:39:03 | 000,000,000 | ---D | C] -- E:\My Documents\Endnote Libraries
[2010/08/15 18:34:27 | 000,000,000 | R--D | C] -- E:\My Documents\Downloads
[2010/08/15 18:34:02 | 000,000,000 | ---D | C] -- E:\My Documents\Dissertation
[2010/08/15 18:34:02 | 000,000,000 | ---D | C] -- E:\My Documents\Definitions and Notes
[2010/08/15 18:33:34 | 000,000,000 | ---D | C] -- E:\My Documents\Daoism and Medicine
[2010/08/15 18:33:34 | 000,000,000 | ---D | C] -- E:\My Documents\Daoism
[2010/08/15 18:30:45 | 000,000,000 | ---D | C] -- E:\My Documents\Conferences
[2010/08/15 18:30:45 | 000,000,000 | ---D | C] -- E:\My Documents\Compare Advance
[2010/08/15 18:30:45 | 000,000,000 | ---D | C] -- E:\My Documents\Comics
[2010/08/15 18:30:35 | 000,000,000 | ---D | C] -- E:\My Documents\Chinese Medicine
[2010/08/15 18:30:35 | 000,000,000 | ---D | C] -- E:\My Documents\China Maps and Chronologies
[2010/08/15 18:30:35 | 000,000,000 | ---D | C] -- E:\My Documents\China Journals Online
[2010/08/15 18:30:34 | 000,000,000 | ---D | C] -- E:\My Documents\Bluetooth
[2010/08/15 18:30:34 | 000,000,000 | ---D | C] -- E:\My Documents\Biographies
[2010/08/15 18:30:15 | 000,000,000 | ---D | C] -- E:\My Documents\Bibliography-Endnote
[2010/08/15 18:29:58 | 000,000,000 | ---D | C] -- E:\My Documents\Bibiliography-General
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Apps
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Alcohol 120%
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\AdvSysOpt
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Adobe
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Admin
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Academic Collaboration
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\AaPalmPilot
[2010/08/15 18:29:48 | 000,000,000 | ---D | C] -- E:\My Documents\Aanew files
[2010/08/15 18:23:13 | 000,000,000 | ---D | C] -- E:\My Documents\Digital Texts
[2010/08/15 18:23:10 | 000,000,000 | -H-D | C] -- E:\My Documents\Endnote Libraries~
[2010/08/15 18:23:10 | 000,000,000 | ---D | C] -- E:\My Documents\Language
[2010/08/15 18:23:10 | 000,000,000 | ---D | C] -- E:\My Documents\Journals
[2010/08/15 18:23:01 | 000,000,000 | ---D | C] -- E:\My Documents\Medical Texts
[2010/08/15 18:23:01 | 000,000,000 | ---D | C] -- E:\My Documents\MA Thesis
[2010/08/15 18:22:57 | 000,000,000 | ---D | C] -- E:\My Documents\Music
[2010/08/15 18:22:57 | 000,000,000 | ---D | C] -- E:\My Documents\Mind Maps
[2010/08/15 18:22:57 | 000,000,000 | ---D | C] -- E:\My Documents\Mike's Stuff
[2010/08/15 18:21:38 | 000,000,000 | ---D | C] -- E:\My Documents\My Downloads
[2010/08/15 18:21:37 | 000,000,000 | ---D | C] -- E:\My Documents\My eBooks
[2010/08/15 18:21:11 | 000,000,000 | R--D | C] -- E:\My Documents\My Music
[2010/08/15 18:21:10 | 000,000,000 | ---D | C] -- E:\My Documents\My Papers
[2010/08/15 18:14:17 | 000,000,000 | R--D | C] -- E:\My Documents\My Pictures
[2010/08/15 18:13:50 | 000,000,000 | ---D | C] -- E:\My Documents\My Received Files
[2010/08/15 18:13:28 | 000,000,000 | ---D | C] -- E:\My Documents\My Seminars
[2010/08/15 18:13:27 | 000,000,000 | ---D | C] -- E:\My Documents\My Skype Pictures
[2010/08/15 18:13:25 | 000,000,000 | ---D | C] -- E:\My Documents\My Sounds
[2010/08/15 18:12:52 | 000,000,000 | --SD | C] -- E:\My Documents\My Webs
[2010/08/15 18:12:52 | 000,000,000 | R--D | C] -- E:\My Documents\My Videos
[2010/08/15 18:12:50 | 000,000,000 | ---D | C] -- E:\My Documents\Occasional Contemplations
[2010/08/15 18:12:50 | 000,000,000 | ---D | C] -- E:\My Documents\NRI
[2010/08/15 18:12:50 | 000,000,000 | ---D | C] -- E:\My Documents\Notes From Pittsburgh T-day 2006
[2010/08/15 18:12:50 | 000,000,000 | ---D | C] -- E:\My Documents\New Folder
[2010/08/15 18:12:50 | 000,000,000 | ---D | C] -- E:\My Documents\NeroVision
[2010/08/15 18:12:47 | 000,000,000 | ---D | C] -- E:\My Documents\Official Documents
[2010/08/15 18:12:38 | 000,000,000 | ---D | C] -- E:\My Documents\Prognostication
[2010/08/15 18:12:38 | 000,000,000 | ---D | C] -- E:\My Documents\Poetry
[2010/08/15 18:12:38 | 000,000,000 | ---D | C] -- E:\My Documents\OneNote Notebooks
[2010/08/15 18:12:35 | 000,000,000 | ---D | C] -- E:\My Documents\SD
[2010/08/15 18:12:35 | 000,000,000 | ---D | C] -- E:\My Documents\Schedules
[2010/08/15 18:12:35 | 000,000,000 | ---D | C] -- E:\My Documents\R-TT
[2010/08/15 18:12:35 | 000,000,000 | ---D | C] -- E:\My Documents\Reading
[2010/08/15 18:12:35 | 000,000,000 | ---D | C] -- E:\My Documents\Publications
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Syllabi
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Students
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Spa
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Sony Media Libraries
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Social
[2010/08/15 18:12:25 | 000,000,000 | ---D | C] -- E:\My Documents\Seva
[2010/08/15 18:11:27 | 000,000,000 | ---D | C] -- E:\My Documents\Teaching
[2010/08/15 18:08:16 | 000,000,000 | ---D | C] -- E:\My Documents\Tech Files
[2010/08/15 18:08:15 | 000,000,000 | ---D | C] -- E:\My Documents\Techincal Data
[2010/08/15 18:08:12 | 000,000,000 | ---D | C] -- E:\My Documents\Translation Group
[2010/08/15 18:08:12 | 000,000,000 | ---D | C] -- E:\My Documents\Tibeto-Sino Reading
[2010/08/15 18:08:11 | 000,000,000 | ---D | C] -- E:\My Documents\Translations
[2010/08/15 18:08:10 | 000,000,000 | ---D | C] -- E:\My Documents\UseNeXT
[2010/08/15 18:08:10 | 000,000,000 | ---D | C] -- E:\My Documents\Use of Critical Terms - Mysticism
[2010/08/15 18:08:10 | 000,000,000 | ---D | C] -- E:\My Documents\Updater5
[2010/08/15 18:08:10 | 000,000,000 | ---D | C] -- E:\My Documents\Travel
[2010/08/15 18:08:08 | 000,000,000 | R--D | C] -- E:\My Documents\Wedding
[2010/08/15 18:07:54 | 000,000,000 | ---D | C] -- E:\My Documents\牛老師
[2010/08/15 18:07:54 | 000,000,000 | ---D | C] -- E:\My Documents\Wellcome Centre
[2010/08/11 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Desktop\Desktop Items
[2010/08/11 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\vlc
[2010/08/11 07:08:30 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\dwhelper
[2010/08/09 04:30:08 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/08/09 04:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivXLand
[2010/08/08 13:01:37 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010/08/08 13:01:37 | 000,351,744 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010/08/08 13:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Share
[2010/08/08 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OJOsoft
[2010/08/08 12:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/08/08 12:13:56 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divx.dll
[2010/08/08 12:13:56 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divxdec.ax
[2010/08/08 12:13:55 | 000,261,632 | ---- | C] (MainConcept) -- C:\Windows\SysWow64\mcdvd_32.dll
[2010/08/08 12:13:55 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\SysWow64\vct3216.acm
[2010/08/08 12:13:55 | 000,081,920 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\AC3ACM.acm
[2010/08/08 12:13:55 | 000,038,912 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\alf2cd.acm
[2010/08/08 12:13:55 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\SysWow64\Scg726.acm
[2010/08/08 09:58:52 | 000,000,000 | R--D | C] -- C:\Torrents
[2010/08/08 09:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/08 09:57:02 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\uTorrent
[2010/08/08 02:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010/08/07 17:26:33 | 000,000,000 | ---D | C] -- C:\Temp Rendering Files
[2010/08/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/08/07 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LizardTech
[2010/08/07 00:59:20 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Inventec
[2010/08/06 20:57:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/06 19:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/08/06 17:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Inventec Shared
[2010/08/06 17:14:09 | 000,432,128 | ---- | C] (IES) -- C:\Windows\SysNative\DreyeJP.ime
[2010/08/06 17:14:09 | 000,422,912 | ---- | C] (IES) -- C:\Windows\SysNative\DreyeSC.ime
[2010/08/06 17:14:09 | 000,415,232 | ---- | C] (IES) -- C:\Windows\SysNative\DreyeTC.ime
[2010/08/05 17:11:51 | 000,040,960 | ---- | C] (INVENTEC) -- C:\Windows\SysWow64\PeaDdx32.dll
[2010/08/05 17:11:51 | 000,004,608 | ---- | C] (MITT) -- C:\Windows\SysWow64\IWInput.ime
[2010/08/05 17:11:48 | 000,090,112 | ---- | C] (INVENTEC) -- C:\Windows\SysWow64\DrEyeDic.dll
[2010/08/05 17:11:48 | 000,065,536 | ---- | C] (INVENTEC) -- C:\Windows\SysWow64\DrEyeDB.dll
[2010/08/05 17:11:48 | 000,028,672 | ---- | C] (INVENTEC) -- C:\Windows\SysWow64\DrEyeAPI.dll
[2010/08/05 17:11:47 | 000,086,016 | ---- | C] (Inventec) -- C:\Windows\SysWow64\DreyeWndU.dll
[2010/08/05 17:11:47 | 000,036,864 | ---- | C] (Inventec) -- C:\Windows\SysWow64\DreyeCtlU.dll
[2010/08/05 17:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inventec
[2010/08/05 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2010/08/05 02:14:47 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Desktop\Ethnography
[2010/08/04 19:09:53 | 000,000,000 | ---D | C] -- C:\cbeta
[2010/08/04 14:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\設定光碟路徑
[2010/08/03 18:32:54 | 000,000,000 | ---D | C] -- C:\HYDCFT.NWV20
[2010/08/03 01:59:55 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\EndNote
[2010/08/03 01:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2010/08/03 01:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2010/08/03 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2010/08/03 01:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X4
[2010/08/03 01:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2010/08/03 01:28:11 | 000,000,000 | ---D | C] -- C:\Sinology Texts
[2010/08/03 01:18:09 | 000,000,000 | ---D | C] -- C:\Software
[2010/08/03 00:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/03 00:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/03 00:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/03 00:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/08/03 00:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/03 00:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/08/03 00:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/08/03 00:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/08/03 00:49:11 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Microsoft Help
[2010/08/03 00:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/08/03 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/03 00:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/03 00:48:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/03 00:45:57 | 000,000,000 | ---D | C] -- C:\IUware Online
[2010/08/02 21:49:29 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/08/02 21:49:29 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/08/02 21:49:03 | 000,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2010/08/02 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Deployment
[2010/08/02 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2010/08/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2010/08/02 18:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010/08/02 18:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/02 18:16:54 | 000,000,000 | ---D | C] -- C:\Virtual XP Disk
[2010/08/02 17:57:45 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Virtual Machines
[2010/08/02 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Desktop\music
[2010/08/02 15:12:22 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2010/08/02 15:12:22 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
[2010/08/02 15:12:22 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/08/02 07:11:01 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Start Bar
[2010/08/01 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Apple Computer
[2010/08/01 10:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/01 10:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/01 10:01:26 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Apple
[2010/08/01 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/01 10:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/01 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/08/01 07:02:49 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Nero
[2010/08/01 06:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/08/01 06:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/08/01 06:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/08/01 04:11:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/08/01 04:11:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/29 22:16:28 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Publish Providers
[2010/07/29 21:56:05 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Sony
[2010/07/29 21:56:05 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Sony
[2010/07/29 21:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/07/29 21:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010/07/29 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/07/29 21:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/29 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\DAEMON Tools Lite
[2010/07/29 21:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/29 18:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/29 17:23:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/07/29 13:42:58 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\ElevatedDiagnostics
[2010/07/29 13:42:05 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\dvdcss
[2010/07/29 13:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/29 11:40:30 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\My Backup Files
[2010/07/29 11:39:41 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/07/29 09:56:18 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\skypePM
[2010/07/29 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Skype
[2010/07/29 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/29 09:33:34 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Mozilla
[2010/07/29 09:33:34 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Mozilla
[2010/07/29 09:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/07/29 07:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/07/29 07:18:47 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2010/07/29 05:59:20 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Apps
[2010/07/29 05:37:55 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Diagnostics
[2010/07/29 04:54:25 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Microsoft Games
[2010/07/29 04:40:39 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Podcasts
[2010/07/29 04:40:34 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\VirtualStore
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\AppData\Local\Temporary Internet Files
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Templates
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Start Menu
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\SendTo
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Recent
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\PrintHood
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\NetHood
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\My Documents
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Local Settings
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\AppData\Local\History
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Cookies
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\Application Data
[2010/07/29 04:39:42 | 000,000,000 | -HSD | C] -- C:\Users\Xuyuan\AppData\Local\Application Data
[2010/07/29 04:39:29 | 000,000,000 | --SD | C] -- C:\Users\Xuyuan\AppData\Roaming\Microsoft
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Videos
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Searches
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Saved Games
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Pictures
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Links
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Desktop
[2010/07/29 04:39:29 | 000,000,000 | R--D | C] -- C:\Users\Xuyuan\Contacts
[2010/07/29 04:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/29 04:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Xuyuan\AppData
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\WindowsUpdate
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Tracing
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Temp
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\SupportSoft
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Stardock_Corporation
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\SoftThinks
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Roxio Log Files
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Roxio
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Programs
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\Music
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Microsoft
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Macromedia
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\IsolatedStorage
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\InstallShield
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Identities
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Dell Edoc Viewer
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Dell
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\DataSafeOnline
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\CyberLink
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Creative
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Broadcom
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\assembly
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Roaming\Adobe
[2010/07/29 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\Xuyuan\AppData\Local\Adobe
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Xuyuan\AppData\Roaming\*.tmp files -> C:\Users\Xuyuan\AppData\Roaming\*.tmp -> ]
[1 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[1 C:\Users\Xuyuan\Desktop\*.tmp files -> C:\Users\Xuyuan\Desktop\*.tmp -> ]


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 PM

Posted 13 October 2010 - 12:03 PM

========== Files - Modified Within 90 Days ==========

[2010/10/13 14:12:15 | 009,699,328 | -HS- | M] () -- C:\Users\Xuyuan\NTUSER.DAT
[2010/10/13 13:10:42 | 000,001,269 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/10/13 11:27:01 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/10/13 11:26:12 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/13 11:26:12 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/13 11:26:12 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/13 11:24:13 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/13 11:01:26 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 11:01:26 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 10:55:26 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/10/13 10:53:53 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/10/13 10:53:51 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/13 10:53:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/13 10:53:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/13 10:52:56 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 10:51:00 | 003,674,708 | -H-- | M] () -- C:\Users\Xuyuan\AppData\Local\IconCache.db
[2010/10/13 10:50:48 | 000,007,597 | ---- | M] () -- C:\Users\Xuyuan\AppData\Local\Resmon.ResmonCfg
[2010/10/02 15:59:47 | 000,024,521 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Working Medicine and Religion Readings.docx
[2010/10/02 14:43:39 | 000,014,838 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Texts.to.get.docx
[2010/10/02 10:59:48 | 000,001,078 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Ultralingua 6.lnk
[2010/10/01 21:03:50 | 000,000,600 | ---- | M] () -- C:\Users\Xuyuan\AppData\Local\PUTTY.RND
[2010/09/30 18:07:28 | 048,261,639 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Rubbing.flv
[2010/09/30 11:35:37 | 000,750,999 | ---- | M] () -- C:\Users\Xuyuan\Desktop\medical_print_22_large.jpg
[2010/09/29 18:07:39 | 000,420,665 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/29 11:17:35 | 000,044,640 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Sophos.Scan.png
[2010/09/29 11:06:02 | 000,444,287 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Error Messages.png
[2010/09/28 18:33:44 | 000,170,920 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Wellcome.Library.Card.renewal.application.pdf
[2010/09/28 18:26:36 | 000,090,834 | ---- | M] () -- C:\Users\Xuyuan\Desktop\MSB_Proof.of.Address.pdf
[2010/09/28 14:49:42 | 000,046,351 | ---- | M] () -- C:\Users\Xuyuan\Desktop\wtx055401.pdf
[2010/09/28 00:30:25 | 000,020,238 | ---- | M] () -- C:\Users\Xuyuan\Desktop\T.Gonkatsang.Payment.png
[2010/09/27 00:45:24 | 000,002,981 | ---- | M] () -- C:\Users\Xuyuan\Desktop\HiJackThis.lnk
[2010/09/26 13:52:25 | 000,001,133 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/24 11:23:42 | 000,001,930 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/24 09:32:27 | 000,005,120 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\409nch2r.default.dat
[2010/09/24 09:32:27 | 000,002,576 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\409nch2r.default.dat-journal
[2010/09/24 08:23:44 | 000,014,765 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Working Medicine and Religion Readings2.docx
[2010/09/24 07:52:07 | 000,000,120 | ---- | M] () -- C:\Users\Xuyuan\AppData\Local\Krirujahozazohec.dat
[2010/09/24 07:31:43 | 000,001,000 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/30 18:23:25 | 000,000,162 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$engzhi.Translation.Handout.The.Actual.dot
[2010/08/30 18:21:40 | 000,000,162 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$dyMindSpiritHealing.Abstract+trans.doc
[2010/08/26 04:20:08 | 000,000,162 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$ings to do.docx
[2010/08/25 02:04:44 | 000,000,165 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$Zhengzhi.Talk.pptm
[2010/08/24 18:03:17 | 000,000,162 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$engzhi.Translation.Handout.docx
[2010/08/21 18:07:12 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/21 18:07:12 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/21 18:07:12 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/20 06:22:40 | 000,000,162 | -H-- | M] () -- C:\Users\Xuyuan\Desktop\~$的李健民教授敬見.docx
[2010/08/20 03:25:33 | 000,421,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/19 05:06:53 | 000,009,081 | ---- | M] () -- C:\Windows\hpdj3740.his
[2010/08/19 05:06:53 | 000,001,814 | ---- | M] () -- C:\Windows\hpdj3740.ini
[2010/08/17 05:17:30 | 000,113,264 | ---- | M] () -- C:\Users\Xuyuan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/08/09 08:21:47 | 460,320,404 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/08 13:01:40 | 000,001,200 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Total Video Converter.lnk
[2010/08/08 09:57:46 | 000,000,934 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/07 16:05:44 | 000,000,728 | ---- | M] () -- E:\My Documents\Default.sfvidcap
[2010/08/06 17:14:19 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\rdInfo8
[2010/08/03 00:49:52 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/08/03 00:21:25 | 000,919,754 | ---- | M] () -- C:\Windows\SysNative\oem29.inf
[2010/08/02 21:49:09 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2010/08/02 21:49:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/08/02 21:46:07 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/08/02 21:45:38 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/08/02 15:00:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/02 15:00:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/08/02 09:29:29 | 000,110,274 | ---- | M] () -- C:\Users\Xuyuan\Desktop\Bibliography_Taiwan.Daoism.1945-2000.htm
[2010/08/01 10:02:00 | 000,002,447 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/08/01 08:03:50 | 000,000,130 | ---- | M] () -- C:\Users\Xuyuan\AppData\Roaming\default.rss
[2010/07/30 10:25:04 | 000,000,572 | ---- | M] () -- E:\My Documents\spider.sav
[2010/07/29 22:15:59 | 000,002,552 | ---- | M] () -- E:\My Documents\Register Vegas Pro.htm
[2010/07/29 21:41:58 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/29 10:12:03 | 000,913,264 | ---- | M] () -- C:\Windows\SysNative\oem27.inf
[2010/07/29 09:56:19 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 09:40:28 | 000,893,250 | ---- | M] () -- C:\Windows\SysNative\oem28.inf
[2010/07/29 05:09:09 | 000,524,288 | -HS- | M] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/29 05:09:09 | 000,524,288 | -HS- | M] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 05:09:09 | 000,065,536 | -HS- | M] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/29 04:40:40 | 000,001,404 | ---- | M] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 04:36:39 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/29 04:36:39 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Xuyuan\AppData\Roaming\*.tmp files -> C:\Users\Xuyuan\AppData\Roaming\*.tmp -> ]
[1 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[1 C:\Users\Xuyuan\Desktop\*.tmp files -> C:\Users\Xuyuan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/13 11:27:01 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/10/13 11:24:13 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/02 16:47:23 | 000,257,384 | ---- | C] () -- C:\Users\Xuyuan\Desktop\The Vid_still.hunpo.veg
[2010/10/02 16:47:12 | 123,178,568 | ---- | C] () -- C:\Users\Xuyuan\Desktop\HoMiM.Final.Cut.Wangxinxin.Credits.corrected.2.wmv
[2010/10/02 16:46:39 | 000,300,088 | ---- | C] () -- C:\Users\Xuyuan\Desktop\HoMiM.Final.Cut.Wangxinxin.Credits.corrected.veg.bak
[2010/10/02 10:59:48 | 000,001,078 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Ultralingua 6.lnk
[2010/09/30 18:34:41 | 048,261,639 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Rubbing.flv
[2010/09/30 11:35:23 | 000,750,999 | ---- | C] () -- C:\Users\Xuyuan\Desktop\medical_print_22_large.jpg
[2010/09/29 11:17:35 | 000,044,640 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Sophos.Scan.png
[2010/09/29 11:06:01 | 000,444,287 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Error Messages.png
[2010/09/29 03:10:15 | 000,014,838 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Texts.to.get.docx
[2010/09/28 18:26:36 | 000,090,834 | ---- | C] () -- C:\Users\Xuyuan\Desktop\MSB_Proof.of.Address.pdf
[2010/09/28 14:59:37 | 000,170,920 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Wellcome.Library.Card.renewal.application.pdf
[2010/09/28 14:49:42 | 000,046,351 | ---- | C] () -- C:\Users\Xuyuan\Desktop\wtx055401.pdf
[2010/09/28 00:30:24 | 000,020,238 | ---- | C] () -- C:\Users\Xuyuan\Desktop\T.Gonkatsang.Payment.png
[2010/09/27 14:34:06 | 000,000,600 | ---- | C] () -- C:\Users\Xuyuan\AppData\Local\PUTTY.RND
[2010/09/27 00:45:24 | 000,002,981 | ---- | C] () -- C:\Users\Xuyuan\Desktop\HiJackThis.lnk
[2010/09/26 13:52:25 | 000,001,133 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/24 09:32:21 | 000,005,120 | ---- | C] () -- C:\Users\Xuyuan\AppData\Roaming\409nch2r.default.dat
[2010/09/24 09:32:21 | 000,002,576 | ---- | C] () -- C:\Users\Xuyuan\AppData\Roaming\409nch2r.default.dat-journal
[2010/09/24 08:23:38 | 000,014,765 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Working Medicine and Religion Readings2.docx
[2010/09/24 08:23:08 | 000,024,521 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Working Medicine and Religion Readings.docx
[2010/09/24 07:31:43 | 000,001,000 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/24 00:35:37 | 000,000,120 | ---- | C] () -- C:\Users\Xuyuan\AppData\Local\Krirujahozazohec.dat
[2010/09/24 00:31:05 | 000,000,065 | ---- | C] () -- C:\Users\Xuyuan\AppData\Roaming\AcroIEHelpe.txt
[2010/09/21 15:30:10 | 000,014,064 | ---- | C] () -- C:\Windows\UN091111.INI
[2010/09/21 15:29:50 | 000,011,878 | ---- | C] () -- C:\Windows\UN091114.INI
[2010/09/21 15:26:41 | 000,012,049 | ---- | C] () -- C:\Windows\UN080616.INI
[2010/08/30 18:23:25 | 000,000,162 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$engzhi.Translation.Handout.The.Actual.dot
[2010/08/30 18:21:40 | 000,000,162 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$dyMindSpiritHealing.Abstract+trans.doc
[2010/08/26 04:20:08 | 000,000,162 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$ings to do.docx
[2010/08/25 02:04:44 | 000,000,165 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$Zhengzhi.Talk.pptm
[2010/08/24 21:10:37 | 000,471,040 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/08/24 18:03:17 | 000,000,162 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$engzhi.Translation.Handout.docx
[2010/08/21 18:07:03 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/21 18:07:03 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/21 09:16:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\LDPLAY.DLL
[2010/08/21 09:16:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\Voice.dll
[2010/08/21 09:16:56 | 002,359,352 | ---- | C] () -- C:\Windows\1024Dtop.bmp
[2010/08/21 09:16:56 | 001,440,056 | ---- | C] () -- C:\Windows\800Dtop.bmp
[2010/08/21 09:16:53 | 000,192,000 | ---- | C] () -- C:\Windows\SysWow64\MTDLL32.DLL
[2010/08/21 09:16:53 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\mttrans.dll
[2010/08/21 09:16:53 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\Tran.dll
[2010/08/20 06:22:40 | 000,000,162 | -H-- | C] () -- C:\Users\Xuyuan\Desktop\~$的李健民教授敬見.docx
[2010/08/19 05:44:09 | 000,000,535 | ---- | C] () -- C:\Windows\SysNative\xrxo3l6.smt
[2010/08/19 05:44:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\xrxo3l6.dll
[2010/08/19 05:05:41 | 000,009,081 | ---- | C] () -- C:\Windows\hpdj3740.his
[2010/08/19 05:05:41 | 000,001,814 | ---- | C] () -- C:\Windows\hpdj3740.ini
[2010/08/15 19:11:10 | 000,002,552 | ---- | C] () -- E:\My Documents\Register Vegas Pro.htm
[2010/08/15 18:07:54 | 002,429,952 | ---- | C] () -- E:\My Documents\Peach.pub
[2010/08/15 18:07:54 | 002,018,117 | ---- | C] () -- E:\My Documents\Malina_Pain,Power+Personhood.pdf
[2010/08/15 18:07:54 | 000,729,283 | ---- | C] () -- E:\My Documents\SQ33.HY1322.洞真太上神虎玉經.ZH.pdf
[2010/08/15 18:07:54 | 000,625,664 | ---- | C] () -- E:\My Documents\Qigong.Daoyin.pub
[2010/08/15 18:07:54 | 000,262,765 | ---- | C] () -- E:\My Documents\Chinese.Family.Relations.gif
[2010/08/15 18:07:54 | 000,260,659 | ---- | C] () -- E:\My Documents\MikesChart.jpg
[2010/08/15 18:07:54 | 000,104,134 | ---- | C] () -- E:\My Documents\HoMiM.Final.Cut
[2010/08/15 18:07:54 | 000,092,160 | ---- | C] () -- E:\My Documents\SOAS Articles.doc
[2010/08/15 18:07:54 | 000,071,680 | ---- | C] () -- E:\My Documents\Mail from.doc
[2010/08/15 18:07:54 | 000,045,726 | ---- | C] () -- E:\My Documents\Mindmap.pdf
[2010/08/15 18:07:54 | 000,029,184 | ---- | C] () -- E:\My Documents\Lin.Fushi.SOAS.Readings.doc
[2010/08/15 18:07:54 | 000,011,174 | ---- | C] () -- E:\My Documents\Reading Notes Template.dotx
[2010/08/15 18:07:54 | 000,011,165 | ---- | C] () -- E:\My Documents\Reading Notes Template.docx
[2010/08/15 18:07:54 | 000,000,576 | ---- | C] () -- E:\My Documents\My Sharing Folders.lnk
[2010/08/15 18:07:54 | 000,000,572 | ---- | C] () -- E:\My Documents\spider.sav
[2010/08/15 18:07:54 | 000,000,162 | ---- | C] () -- E:\My Documents\~$uangzi Daos the Dao (Chinese text).doc
[2010/08/15 18:07:54 | 000,000,162 | ---- | C] () -- E:\My Documents\~$atsang.doc
[2010/08/15 18:07:54 | 000,000,162 | ---- | C] () -- E:\My Documents\~$apter 6 Poem Complete English Xferble.doc
[2010/08/15 18:07:51 | 090,710,912 | ---- | C] () -- E:\My Documents\HoMiM.Credits.Transcendence.wmv
[2010/08/15 18:07:51 | 001,357,824 | ---- | C] () -- E:\My Documents\C102 grading W12-16.xls
[2010/08/15 18:07:51 | 000,549,464 | ---- | C] () -- E:\My Documents\Buddhist Influence on Sun Simiao's Precious Prescriptions.pdf
[2010/08/15 18:07:51 | 000,111,535 | ---- | C] () -- E:\My Documents\Durenjing+notes.docx
[2010/08/15 18:07:51 | 000,105,760 | ---- | C] () -- E:\My Documents\filegame.gam
[2010/08/15 18:07:51 | 000,025,600 | ---- | C] () -- E:\My Documents\Fellow Canoeists.doc
[2010/08/15 18:07:51 | 000,001,798 | ---- | C] () -- E:\My Documents\Default.rdp
[2010/08/15 18:07:51 | 000,000,728 | ---- | C] () -- E:\My Documents\Default.sfvidcap
[2010/08/15 18:07:50 | 000,000,281 | ---- | C] () -- E:\My Documents\BACKUP (H).lnk
[2010/08/08 13:01:40 | 000,001,200 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Total Video Converter.lnk
[2010/08/08 12:13:56 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx
[2010/08/08 12:13:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/08/08 12:13:55 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/08 12:13:55 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/08 09:57:46 | 000,000,934 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/07 14:29:44 | 000,022,486 | ---- | C] () -- C:\Windows\DjVuDoc.ico
[2010/08/06 20:57:47 | 460,320,404 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/06 19:42:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/06 17:14:19 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\rdInfo8
[2010/08/06 17:11:08 | 000,001,269 | ---- | C] () -- C:\Users\Xuyuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/08/05 17:11:58 | 000,529,478 | ---- | C] () -- C:\Windows\SysWow64\CP_949.NLS
[2010/08/05 17:11:58 | 000,486,850 | ---- | C] () -- C:\Windows\SysWow64\CP_950.NLS
[2010/08/05 17:11:57 | 000,537,858 | ---- | C] () -- C:\Windows\SysWow64\CP_936.NLS
[2010/08/05 17:11:57 | 000,408,546 | ---- | C] () -- C:\Windows\SysWow64\CP_932.NLS
[2010/08/05 17:11:52 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\drwss.dll
[2010/08/05 17:11:52 | 000,058,784 | ---- | C] () -- C:\Windows\SysWow64\UC949A.nls
[2010/08/05 17:11:52 | 000,054,932 | ---- | C] () -- C:\Windows\SysWow64\UC950A.nls
[2010/08/05 17:11:52 | 000,051,236 | ---- | C] () -- C:\Windows\SysWow64\UC936B.nls
[2010/08/05 17:11:52 | 000,050,576 | ---- | C] () -- C:\Windows\SysWow64\UC936A.nls
[2010/08/05 17:11:52 | 000,042,842 | ---- | C] () -- C:\Windows\SysWow64\UC950B.nls
[2010/08/05 17:11:52 | 000,038,128 | ---- | C] () -- C:\Windows\SysWow64\UC949B.nls
[2010/08/05 17:11:51 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\Text32.dll
[2010/08/05 17:11:51 | 000,042,410 | ---- | C] () -- C:\Windows\SysWow64\UC932A.nls
[2010/08/05 17:11:51 | 000,026,112 | ---- | C] () -- C:\Windows\SysWow64\LevelApi.dll
[2010/08/05 17:11:51 | 000,025,254 | ---- | C] () -- C:\Windows\SysWow64\UC932B.nls
[2010/08/05 17:11:51 | 000,010,430 | ---- | C] () -- C:\Windows\SysWow64\TxtMan.vxd
[2010/08/05 17:11:49 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\ITToolTip.dll
[2010/08/05 17:11:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\AddToNote.dll
[2010/08/05 17:11:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\DreyeDBW.dll
[2010/08/05 17:11:48 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\DreyeDBU.dll
[2010/08/05 17:11:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\ClientProc.dll
[2010/08/05 17:11:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\DictInfo.dll
[2010/08/05 17:11:47 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\DreyeSkinCtrls80U.dll
[2010/08/05 17:11:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\exeProc.dll
[2010/08/05 17:11:47 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\DreyeMT.dll
[2010/08/03 00:21:37 | 000,919,754 | ---- | C] () -- C:\Windows\SysNative\oem29.inf
[2010/08/02 21:46:07 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/08/02 21:45:38 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/08/02 21:45:37 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/08/02 15:11:54 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
[2010/08/02 15:00:46 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/08/02 15:00:46 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/08/02 09:29:28 | 000,110,274 | ---- | C] () -- C:\Users\Xuyuan\Desktop\Bibliography_Taiwan.Daoism.1945-2000.htm
[2010/08/01 10:02:00 | 000,002,447 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/08/01 08:03:50 | 000,000,130 | ---- | C] () -- C:\Users\Xuyuan\AppData\Roaming\default.rss
[2010/07/29 21:41:58 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/29 09:56:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 09:40:40 | 000,893,250 | ---- | C] () -- C:\Windows\SysNative\oem28.inf
[2010/07/29 09:33:29 | 000,001,930 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/29 07:19:20 | 000,913,264 | ---- | C] () -- C:\Windows\SysNative\oem27.inf
[2010/07/29 04:40:40 | 000,001,404 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 04:39:42 | 000,524,288 | -HS- | C] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/29 04:39:42 | 000,524,288 | -HS- | C] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 04:39:42 | 000,262,144 | -HS- | C] () -- C:\Users\Xuyuan\ntuser.dat.LOG1
[2010/07/29 04:39:42 | 000,065,536 | -HS- | C] () -- C:\Users\Xuyuan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/29 04:39:42 | 000,000,000 | -HS- | C] () -- C:\Users\Xuyuan\ntuser.dat.LOG2
[2010/07/29 04:39:35 | 000,007,597 | ---- | C] () -- C:\Users\Xuyuan\AppData\Local\Resmon.ResmonCfg
[2010/07/29 04:39:32 | 000,000,290 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/29 04:39:31 | 000,000,272 | ---- | C] () -- C:\Users\Xuyuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/29 04:39:29 | 009,699,328 | -HS- | C] () -- C:\Users\Xuyuan\NTUSER.DAT
[2010/07/29 04:39:29 | 000,000,020 | -HS- | C] () -- C:\Users\Xuyuan\ntuser.ini
[2010/02/15 22:16:08 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/07/29 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\DAEMON Tools Lite
[2010/10/02 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Ectaco
[2010/10/13 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\EndNote
[2010/08/07 00:59:20 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Inventec
[2010/08/06 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Publish Providers
[2010/07/29 22:22:36 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\Sony
[2010/09/24 11:08:11 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\TeamViewer
[2010/09/24 07:30:24 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\UAs
[2010/10/13 14:12:29 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\uTorrent
[2010/09/26 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Xuyuan\AppData\Roaming\xmldm
[2010/08/19 20:36:17 | 000,024,428 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/22 07:35:08 | 000,003,773 | RH-- | M] () -- C:\dell.sdr
[2010/10/13 10:52:56 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 17:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/13 10:53:37 | 4024,811,520 | -HS- | M] () -- C:\pagefile.sys
[2010/09/02 16:23:43 | 000,032,334 | ---- | M] () -- C:\ProgramList.txt
[2010/09/24 00:25:20 | 000,000,071 | ---- | M] () -- C:\ToasterLauncherLog.log

< %systemroot%\Fonts\*.com >
[2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\*.scr >
[2009/07/10 20:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


< %PROGRAMFILES%\*.* >
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/29 04:40:40 | 000,000,221 | -HS- | M] () -- C:\Users\Xuyuan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/13 10:55:26 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib


< %systemroot%\system32\*.ico >
[2009/06/10 23:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\SysWOW64\PerfCenterCpl.ico

< %systemroot%\logs\*.* >
[2010/08/31 16:48:32 | 000,634,327 | ---- | M] () -- C:\Windows\Logs\DirectX.log


< %UserProfile%\*.dat >
[2010/10/13 14:14:04 | 009,699,328 | -HS- | M] () -- C:\Users\Xuyuan\NTUSER.DAT


< %systemroot%\system32\*.mof >
[2009/07/13 22:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\SysWOW64\RestartManager.mof
[2009/07/13 22:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\SysWOW64\RestartManagerUninstall.mof

< %systemroot%\*.atm >


< %ProgramFiles%\*. >
[2010/08/16 18:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/08/19 16:19:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2010/08/01 10:01:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/08/31 15:48:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Aspyr
[2010/09/21 15:30:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BUFFALO
[2010/07/29 07:20:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2010/01/22 06:05:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/09/29 10:37:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cobian Backup 10
[2010/08/21 18:04:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/01/22 06:22:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/01/22 06:21:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2010/07/29 21:42:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/01/22 06:33:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2010/10/13 10:55:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010/02/18 21:27:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2010/01/22 06:22:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2010/08/09 04:30:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivXLand
[2010/08/21 17:33:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age
[2010/08/16 06:34:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\dtSearch
[2010/08/03 01:57:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EndNote X4
[2010/08/16 03:41:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Exalead
[2010/08/20 03:25:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/10/02 11:10:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/30 03:24:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/08/05 17:11:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Inventec
[2010/02/15 22:40:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/09/26 13:51:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavasoft
[2010/10/02 10:47:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LingvoSoft
[2010/08/07 14:29:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LizardTech
[2010/08/17 20:02:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LucasArts
[2010/09/24 07:31:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/22 06:18:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/08/03 00:49:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/01/22 06:07:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/08/03 00:49:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/09/30 03:25:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/01/22 06:19:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/01/22 06:20:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/03 00:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/08/03 00:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/24 11:23:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/03 00:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/08/02 21:03:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/01 06:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010/08/08 13:01:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OJOsoft
[2010/10/12 12:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Orange Internet
[2010/08/01 10:02:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/22 06:13:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sensible Vision
[2010/08/16 03:02:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/08/05 17:06:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft
[2010/07/29 21:52:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/09/27 10:32:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sophos
[2010/09/29 18:00:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/21 18:04:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/09/27 00:45:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2010/10/02 10:59:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ultralingua
[2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/08/08 09:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/07/29 13:31:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/02/16 00:41:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2009/07/14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/02/15 23:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/01/22 06:17:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/01 04:11:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/01/22 07:33:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/08/02 19:34:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Virtual PC
[2010/08/17 13:21:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2010/08/19 05:43:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xerox
[2010/08/04 14:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\設定光碟路徑

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

  • Malware Response Team

Posted 15 October 2010 - 04:51 AM

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    FF - prefs.js..network.proxy.http: " 195.37.16.152"
    FF - prefs.js..network.proxy.http_port: 3128
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O32 - AutoRun File - [2005/09/02 21:21:51 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/11/03 04:17:14 | 000,000,035 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{3d8b4fd4-1ce6-11df-8e07-c417fe36ac6a}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d8b4fd4-1ce6-11df-8e07-c417fe36ac6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{483a761e-1808-11df-b8d5-701a049c7437}\Shell - "" = AutoRun
    O33 - MountPoints2\{483a761e-1808-11df-b8d5-701a049c7437}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{9397b43d-cc31-11df-8bcf-d51af3a0fd6b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9397b43d-cc31-11df-8bcf-d51af3a0fd6b}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cc867070-1cc2-11df-b93f-0026b91f220b}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc867070-1cc2-11df-b93f-0026b91f220b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.





#10 Michael_SB
  • Topic Starter

Posted 15 October 2010 - 07:26 AM

Hi, thank you for taking so much time to read through the scan.

Is it possible to summarize what the OTL fix will do - for example, the fix on one of my Firefox proxies? I use that to log in to my work (with Multiproxy), and it is working fine.

The initial problem, the .exe with the random-generated filenames, such as "scnxowamer.exe", has not since resurfaced. Do the scans indicate the virus or whatever it was has been cleaned?

Thanks again for your time and help.

#11 gringo_pr

  • Malware Response Team

Posted 15 October 2010 - 11:34 AM

Hello

Is it possible to summarize what the OTL fix will do- for example, the fix on one of my Firefox proxies? I use that to log in to my work (with Multiproxy), and it is working fine.

Then please leave it alone; when I checked out the IP it said it was from Amsterdam and I thought it may have been wrong.

The initial problem, the .exe with the random-generated filenames, such as "scnxowamer.exe", has not since resurfaced. Do the scans indicate the virus or whatever it was has been cleaned?
You haven't sent me the report from MBAM, so it may have been taken care of then.

Remove these two lines from the script and then run it

FF - prefs.js..network.proxy.http: " 195.37.16.152"
FF - prefs.js..network.proxy.http_port: 3128

Gringo


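For checking which HTTP proxy a Firefox profile actually holds before a fix touches it, here is an added example (not part of the thread and not OTL's own code) that parses a prefs.js and reports the proxy settings against a list of proxies the user set up on purpose. The sample file text is constructed around the two values quoted in the thread; `review_proxy` and the known-proxy list are assumptions of this example.

```python
import json
import re

# Meanings of network.proxy.type values in Firefox.
PROXY_TYPES = {
    0: "direct connection (no proxy)",
    1: "manual proxy configuration",
    2: "proxy auto-config (PAC) URL",
    4: "auto-detect proxy (WPAD)",
    5: "use system proxy settings",
}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample, built around the two values quoted in the thread.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", " 195.37.16.152");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparsable values verbatim for review
    return prefs


def review_proxy(prefs, known_proxies):
    """Summarise the HTTP proxy settings and list points to check by hand.

    known_proxies is a set of (host, port) pairs the user configured on
    purpose (an assumption of this example, e.g. a work proxy).
    """
    proxy_type = prefs.get("network.proxy.type")
    raw_host = str(prefs.get("network.proxy.http", ""))
    host = raw_host.strip()
    port = prefs.get("network.proxy.http_port")
    in_use = proxy_type == 1 and bool(host)

    if proxy_type is None:
        mode = "not set in prefs.js (Firefox default applies)"
    else:
        mode = PROXY_TYPES.get(proxy_type, "unrecognised value %r" % (proxy_type,))

    findings = []
    if host and raw_host != host:
        findings.append("proxy host has surrounding whitespace")
    if host and (host, port) not in known_proxies:
        findings.append("proxy %s:%s is not in the known list" % (host, port))
    if host and not in_use:
        findings.append("proxy host is stored but manual proxy mode is off")
    pac_url = prefs.get("network.proxy.autoconfig_url")
    if proxy_type == 2 and pac_url:
        findings.append("PAC URL in use: %s" % pac_url)

    return {
        "mode": mode,
        "http_proxy": (host, port) if host else None,
        "in_use": in_use,
        "findings": findings,
    }


if __name__ == "__main__":
    report = review_proxy(parse_prefs(SAMPLE_PREFS_JS), {("195.37.16.152", 3128)})
    for key, value in report.items():
        print("%-10s %s" % (key, value))
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites that file on exit.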

#12 gringo_pr

  • Malware Response Team

Posted 17 October 2010 - 11:49 PM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo




#13 gringo_pr

  • Malware Response Team

Posted 21 October 2010 - 02:07 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo



