Norton keeps saying "Web Attack: Malicious Toolkit Website9"


  • This topic is locked
21 replies to this topic

#1 astralboy


Posted 12 January 2012 - 09:43 PM

Hi,

My Norton Internet Security recently reported many security threats of "Web Attack: Malicious Toolkit Website9". Also, I recognized from "task manager" that svchost.exe always used up most of the CPU and memory resources. Occasionally, there was a pop-up message saying there was an error in svchost.exe and svchost.exe has to be ended. So I suspected my laptop was infected by a virus/Trojan. Doing a scan with Norton did not show any suspicious items. Then I ran Microsoft's malicious software removal tool and found my laptop was infected by a trojan: JS/Hiloti.F. That removal tool seems to have removed it. However, the primary issue hasn't been solved yet. Norton is still reporting security threats of Web attack and svchost.exe is still eating up all my resources. Could anyone advise me how to clean up my laptop?
(P.S. My Ark.txt is too big for uploading as attachment...)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by TsingWai at 19:54:19 on 2012-01-12
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.2686.1770 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\TsingWai\Desktop\procexp\procexp.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: 顯示 Norton 工具列: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\tsingwai\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\tsingwai\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\tsingwai\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\tsingwai\startm~1\programs\startup\rainle~1.lnk - c:\program files\rainlendar\Rainlendar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: 下載編碼內容(S&martGet) - c:\documents and settings\tsingwai\desktop\smartget1.5\dl_text.html
IE: 使用S&martGet下載 - c:\documents and settings\tsingwai\desktop\smartget1.5\dl_link.htm
IE: 使用UUSee下? - c:\program files\uusee\geturltodown.htm
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 全部使用Smart&Get下載 - c:\documents and settings\tsingwai\desktop\smartget1.5\dl_all.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248647074250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2A5B5D9E-31C9-4670-8445-9FDCD233E272} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tsingwai\application data\mozilla\firefox\profiles\7ib66198.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-5 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120112.002\NAVENG.SYS [2012-1-12 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120112.002\NAVEX15.SYS [2012-1-12 1576312]
R3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2020-1-1 1251720]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
.
=============== Created Last 30 ================
.
2020-01-02 02:01:21 -------- d-sh--w- c:\documents and settings\tsingwai\IETldCache
2020-01-02 01:52:27 -------- d-----w- c:\documents and settings\tsingwai\application data\Symantec
2020-01-02 01:50:12 -------- d-----w- c:\program files\Norton Internet Security
2020-01-02 01:49:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2020-01-02 01:49:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2020-01-02 01:49:12 -------- d-----w- c:\program files\Symantec
2020-01-02 01:11:03 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2020-01-02 01:10:27 -------- d-----w- c:\program files\common files\Symantec Shared
2012-01-12 04:28:42 -------- d-----w- c:\documents and settings\tsingwai\application data\Malwarebytes
2012-01-12 04:28:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-12 04:28:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 04:28:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 16:38:50 -------- d-----w- c:\windows\SDold
2012-01-10 13:35:57 -------- d-----w- c:\windows\pss
2012-01-09 09:21:37 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-09 09:21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-09 09:21:34 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-09 09:21:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-09 09:21:32 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-09 09:21:29 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-09 09:21:28 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-09 09:21:25 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-09 09:21:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-09 09:21:18 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-09 09:19:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-09 09:18:56 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-09 09:17:59 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-01-09 09:16:59 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-01-09 09:15:58 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-01-09 09:14:57 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2012-01-09 09:13:54 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-01-09 09:12:58 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2012-01-09 09:11:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-01-09 09:10:55 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-01-09 09:09:57 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-01-09 09:08:59 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2012-01-09 09:07:59 65622 -c--a-w- c:\windows\system32\dllcache\digiasyn.dll
2012-01-09 09:06:58 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2012-01-09 09:05:41 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-09 09:04:56 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2012-01-09 09:02:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-01-05 00:48:24 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2012-01-04 00:28:51 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-04 00:28:51 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-04 00:28:51 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-04 00:28:51 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 19:02:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS722010K9SA00 rev.DC2OC76A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A72F49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a736738]; MOV EAX, [0x8a7368ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA88AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A94B7D0]
\Driver\atapi[0x8A944030] -> IRP_MJ_CREATE -> 0x8A72F49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A72F2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:56:34.76 ===============
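Added example, not part of the original post and not code from DDS or GMER: one way to triage the ROOTKIT section of the log above by checking whether the atapi dispatch and DriverStartIo pointers land in the same memory as the module the disk trace could not name. The function name, the same-4-KiB-page test and the result keys are assumptions of this sketch; the sample lines are copied from the post with the `_asm` dumps left out.

```python
import re

# ROOTKIT section lines from the DDS log in the post (asm dumps omitted).
SAMPLE = r"""Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A72F49F]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA88AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A94B7D0]
\Driver\atapi[0x8A944030] -> IRP_MJ_CREATE -> 0x8A72F49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A72F2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

HEX = r"0x[0-9A-Fa-f]+"
# A module in the disk call chain that has no name (no backing driver image).
UNKNOWN_RE = re.compile(rf">>UNKNOWN \[({HEX})\]<<")
# "\Driver\name[driver object] -> IRP_MJ_xxx -> handler address"
DISPATCH_RE = re.compile(rf"^(\\Driver\\\w+)\[{HEX}\] -> (IRP_MJ_\w+) -> ({HEX})$")
# "\Driver\name Slot -> address", only meaningful under "detected hooks:"
HOOK_RE = re.compile(rf"^(\\Driver\\\w+) (\w+) -> ({HEX})$")
WARNING_RE = re.compile(r"^Warning: (.*?)\s*!?$")

PAGE_SHIFT = 12  # assumption: compare addresses at 4 KiB page granularity


def triage_rootkit_section(log_text):
    """Correlate unnamed modules with driver pointers in a DDS ROOTKIT section."""
    unknown, pointers, warnings = [], [], []
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        unknown += [int(a, 16) for a in UNKNOWN_RE.findall(line)]

        m = DISPATCH_RE.match(line)
        if m:
            pointers.append((m.group(1), m.group(2), int(m.group(3), 16)))

        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                pointers.append((m.group(1), m.group(2), int(m.group(3), 16)))
            else:
                in_hooks = False  # first non-hook line closes the section

        m = WARNING_RE.match(line)
        if m:
            warnings.append(m.group(1))

    unknown_pages = {a >> PAGE_SHIFT for a in unknown}
    findings = [
        {
            "driver": drv,
            "slot": slot,
            "target": hex(target),
            # Heuristic: the pointer resolves into the unnamed module's page.
            "in_unnamed_code": (target >> PAGE_SHIFT) in unknown_pages,
        }
        for drv, slot, target in pointers
    ]
    return {
        "unknown_modules": unknown,
        "pointers": findings,
        "warnings": warnings,
        "suspect": bool(warnings) or any(f["in_unnamed_code"] for f in findings),
    }


if __name__ == "__main__":
    result = triage_rootkit_section(SAMPLE)
    for f in result["pointers"]:
        print(f["driver"], f["slot"], f["target"],
              "-> unnamed module" if f["in_unnamed_code"] else "")
    print("warnings:", result["warnings"], "suspect:", result["suspect"])
```

In this log both the IRP_MJ_CREATE handler and the DriverStartIo hook resolve into the page of the unnamed module, which is what the tool's TDL3 warning is summarising.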


#2 SweetTech


Posted 13 January 2012 - 03:28 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 astralboy


Posted 13 January 2012 - 07:00 AM

Hi SweetTech,

According to your advice, I ran TDSSKiller and OTL. Following is the log for TDSSKiller.

02:52:18.0734 2672 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
02:52:20.0734 2672 ============================================================
02:52:20.0734 2672 Current date / time: 2012/01/13 02:52:20.0734
02:52:20.0734 2672 SystemInfo:
02:52:20.0734 2672
02:52:20.0734 2672 OS Version: 5.1.2600 ServicePack: 3.0
02:52:20.0734 2672 Product type: Workstation
02:52:20.0734 2672 ComputerName: TSING-WZK1EYHAL
02:52:20.0734 2672 UserName: TsingWai
02:52:20.0734 2672 Windows directory: C:\WINDOWS
02:52:20.0734 2672 System windows directory: C:\WINDOWS
02:52:20.0734 2672 Processor architecture: Intel x86
02:52:20.0734 2672 Number of processors: 2
02:52:20.0734 2672 Page size: 0x1000
02:52:20.0734 2672 Boot type: Normal boot
02:52:20.0734 2672 ============================================================
02:52:23.0406 2672 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000, SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
02:52:23.0421 2672 Drive \Device\Harddisk1\DR3 - Size: 0x3C7200000, SectorSize: 0x200, Cylinders: 0x7B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:52:23.0421 2672 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:52:23.0515 2672 Initialize success
02:53:55.0250 4020 ============================================================
02:53:55.0250 4020 Scan started
02:53:55.0250 4020 Mode: Manual; SigCheck; TDLFS;
02:53:55.0250 4020 ============================================================
02:53:55.0484 4020 Abiosdsk - ok
02:53:55.0515 4020 abp480n5 - ok
02:53:55.0593 4020 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:53:56.0031 4020 ACPI - ok
02:53:56.0156 4020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
02:53:56.0359 4020 ACPIEC - ok
02:53:56.0390 4020 adpu160m - ok
02:53:56.0437 4020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:53:56.0656 4020 aec - ok
02:53:56.0703 4020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:53:56.0750 4020 AFD - ok
02:53:56.0765 4020 Aha154x - ok
02:53:56.0781 4020 aic78u2 - ok
02:53:56.0796 4020 aic78xx - ok
02:53:56.0828 4020 AliIde - ok
02:53:56.0875 4020 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:53:56.0937 4020 AmdK8 - ok
02:53:56.0953 4020 amsint - ok
02:53:56.0968 4020 asc - ok
02:53:56.0984 4020 asc3350p - ok
02:53:57.0000 4020 asc3550 - ok
02:53:57.0046 4020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:53:57.0265 4020 AsyncMac - ok
02:53:57.0375 4020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:53:57.0609 4020 atapi - ok
02:53:57.0656 4020 Atdisk - ok
02:53:57.0750 4020 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:53:57.0859 4020 ati2mtag - ok
02:53:58.0000 4020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:53:58.0203 4020 Atmarpc - ok
02:53:58.0281 4020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:53:58.0484 4020 audstub - ok
02:53:58.0640 4020 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
02:53:58.0718 4020 BCM43XX - ok
02:53:58.0765 4020 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
02:53:58.0828 4020 bcm4sbxp - ok
02:53:58.0921 4020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:53:59.0140 4020 Beep - ok
02:53:59.0250 4020 catchme - ok
02:53:59.0375 4020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:53:59.0593 4020 cbidf2k - ok
02:53:59.0718 4020 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:53:59.0937 4020 CCDECODE - ok
02:53:59.0968 4020 cd20xrnt - ok
02:53:59.0984 4020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:54:00.0203 4020 Cdaudio - ok
02:54:00.0234 4020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:54:00.0468 4020 Cdfs - ok
02:54:00.0515 4020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:54:00.0734 4020 Cdrom - ok
02:54:00.0750 4020 Changer - ok
02:54:00.0796 4020 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
02:54:01.0031 4020 CmBatt - ok
02:54:01.0031 4020 CmdIde - ok
02:54:01.0093 4020 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
02:54:01.0125 4020 COH_Mon - ok
02:54:01.0156 4020 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
02:54:01.0375 4020 Compbatt - ok
02:54:01.0437 4020 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\WINDOWS\system32\drivers\CO_Mon.sys
02:54:01.0453 4020 CO_Mon - ok
02:54:01.0546 4020 Cpqarray - ok
02:54:01.0578 4020 dac2w2k - ok
02:54:01.0671 4020 dac960nt - ok
02:54:01.0750 4020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:54:01.0984 4020 Disk - ok
02:54:02.0062 4020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:54:02.0343 4020 dmboot - ok
02:54:02.0421 4020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:54:02.0640 4020 dmio - ok
02:54:02.0671 4020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:54:02.0906 4020 dmload - ok
02:54:03.0015 4020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:54:03.0250 4020 DMusic - ok
02:54:03.0281 4020 dpti2o - ok
02:54:03.0328 4020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:54:03.0531 4020 drmkaud - ok
02:54:03.0578 4020 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
02:54:03.0656 4020 dtscsi - ok
02:54:03.0765 4020 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
02:54:03.0859 4020 eeCtrl - ok
02:54:03.0890 4020 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:54:03.0906 4020 EraserUtilRebootDrv - ok
02:54:45.0890 4020 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
02:54:45.0921 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
02:54:45.0921 4020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
02:54:45.0968 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:54:45.0968 4020 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:54:45.0984 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
02:54:50.0437 4020 \Device\Harddisk1\DR3 - ok
02:54:50.0437 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
02:54:50.0593 4020 \Device\Harddisk2\DR4 - ok
02:54:50.0593 4020 Boot (0x1200) (4d6dfbd35dc1c2110cadffd859494f42) \Device\Harddisk0\DR0\Partition0
02:54:50.0593 4020 \Device\Harddisk0\DR0\Partition0 - ok
02:54:50.0625 4020 Boot (0x1200) (75c6dc4ffbb68eb54078ac78b6db9a5c) \Device\Harddisk0\DR0\Partition1
02:54:50.0625 4020 \Device\Harddisk0\DR0\Partition1 - ok
02:54:50.0625 4020 Boot (0x1200) (04ef8e96e9efe1800a808c06823b3c99) \Device\Harddisk1\DR3\Partition0
02:54:50.0625 4020 \Device\Harddisk1\DR3\Partition0 - ok
02:54:50.0640 4020 Boot (0x1200) (309d77eee5a29a78b11c4f577a99cf89) \Device\Harddisk2\DR4\Partition0
02:54:50.0640 4020 \Device\Harddisk2\DR4\Partition0 - ok
02:54:50.0640 4020 ============================================================
02:54:50.0640 4020 Scan finished
02:54:50.0640 4020 ============================================================
02:54:50.0781 3348 Detected object count: 2
02:54:50.0781 3348 Actual detected object count: 2
02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
02:55:47.0750 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
02:55:47.0750 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
02:57:45.0250 2828 Deinitialize success

#4 astralboy

Posted 13 January 2012 - 07:06 AM

Here is the log for OTL.

OTL logfile created on: 1/13/2012 3:01:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TsingWai\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 53.73% Memory free
4.47 Gb Paging File | 3.29 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 9.05 Gb Free Space | 16.84% Space Free | Partition Type: NTFS
Drive D: | 39.44 Gb Total Space | 3.65 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 780.56 Gb Free Space | 83.79% Space Free | Partition Type: NTFS
Drive V: | 15.09 Gb Total Space | 0.24 Gb Free Space | 1.62% Space Free | Partition Type: FAT32

Computer Name: TSING-WZK1EYHAL | User Name: TsingWai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/13 02:58:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
PRC - [2012/01/03 18:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/01 18:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/07/26 19:16:52 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/28 22:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/10/28 22:07:58 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/10/28 22:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/28 22:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/05/27 16:57:00 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/27 16:53:06 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/07/27 15:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 15:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/05/09 05:36:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe


========== Modules (No Company Name) ==========

MOD - [2020/01/01 19:45:08 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2020/01/01 19:45:07 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2020/01/01 19:45:07 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2020/01/01 19:45:06 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/10 09:05:06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cf082df9\mscorlib.dll
MOD - [2012/01/10 09:05:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7a559e11\system.drawing.dll
MOD - [2012/01/10 09:04:49 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_58a1843b\system.xml.dll
MOD - [2012/01/10 09:04:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2903b3d7\system.windows.forms.dll
MOD - [2012/01/10 09:04:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2f051726\system.dll
MOD - [2012/01/10 09:04:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/10 09:04:11 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/10 09:04:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/01/03 18:28:49 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/13 13:02:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/23 02:54:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/07/26 19:16:52 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2009/07/26 19:16:52 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/10/28 22:08:46 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll
MOD - [2008/10/28 22:08:36 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll
MOD - [2007/04/02 06:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/11/01 13:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2004/05/09 05:43:25 | 000,348,160 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.dll
MOD - [2004/05/09 05:36:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/07/26 19:16:52 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/28 22:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/10/28 22:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/10/28 22:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/02 17:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/05/27 16:54:28 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 06:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 17:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2012/01/04 18:48:24 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/11/08 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/17 16:22:25 | 000,268,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20120112.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2011/08/28 23:23:49 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120112.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120112.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/29 22:05:10 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/27 01:56:40 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/03/17 11:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/10/28 22:08:58 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/28 22:08:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008/10/28 22:08:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008/10/28 22:08:54 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008/10/28 22:08:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008/10/28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2008/10/28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008/10/28 16:03:28 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/10/02 17:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 09:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/17 07:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002/09/03 10:31:57 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 28 51 7F AD CF CC 01 [binary data]
IE - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKU\S-1-5-21-2025429265-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: cctvplayer-plugin@www.cctv.com:0.11
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9E2E64EB-7D31-4E74-971B-946281FA911F}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{9E2E64EB-7D31-4E74-971B-946281FA911F}\ [2010/07/13 23:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{51863F06-0C9E-4768-802F-47F988452F90}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{51863F06-0C9E-4768-802F-47F988452F90}\ [2010/07/15 11:06:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBE73C1D-79A4-4EC3-B294-7800AF60987E}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{BBE73C1D-79A4-4EC3-B294-7800AF60987E}\ [2010/07/15 19:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C2AF6B38-3212-495A-8D0A-56BA8D7FA668}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{C2AF6B38-3212-495A-8D0A-56BA8D7FA668}\ [2010/07/16 10:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B54B5207-4104-43F1-B405-56DB540C3740}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{B54B5207-4104-43F1-B405-56DB540C3740}\ [2010/07/18 18:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 18:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/26 11:18:00 | 000,000,000 | ---D | M]

[2012/01/11 20:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Extensions
[2011/12/07 16:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Firefox\Profiles\7ib66198.default\extensions
[2011/12/07 16:33:50 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Firefox\Profiles\7ib66198.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/11/09 10:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 18:28:50 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/27 07:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/05/06 00:38:00 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2011/05/06 00:38:00 | 000,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,161 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: ([2012/01/09 02:16:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (顯示 Norton 工具列) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\..\Toolbar\WebBrowser: (顯示 Norton 工具列) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\TsingWai\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\TsingWai\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_text.html ()
O8 - Extra context menu item: 使用S&martGet下載 - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_link.htm ()
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found
O8 - Extra context menu item: 全部使用Smart&Get下載 - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_all.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248647074250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5B5D9E-31C9-4670-8445-9FDCD233E272}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ic32pp - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TsingWai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TsingWai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 16:16:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2020/01/01 20:01:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TsingWai\IETldCache
[2020/01/01 19:59:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2020/01/01 19:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Application Data\Symantec
[2020/01/01 19:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2020/01/01 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2020/01/01 19:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2020/01/01 19:49:22 | 000,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2020/01/01 19:49:22 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2020/01/01 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2020/01/01 19:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\My Documents\Symantec
[2020/01/01 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2020/01/01 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/13 02:58:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
[2012/01/13 02:51:42 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TsingWai\Desktop\tdsskiller.exe
[2012/01/12 19:52:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\dds.scr
[2012/01/12 11:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/01/12 06:04:54 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\TsingWai\Desktop\esetsmartinstaller_enu.exe
[2012/01/12 05:52:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/12 05:49:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/11 22:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Application Data\Malwarebytes
[2012/01/11 22:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 22:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/11 22:28:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 21:43:05 | 004,378,257 | R--- | C] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\ComboFix.exe
[2012/01/11 20:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Desktop\procexp
[2012/01/10 10:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDold
[2012/01/10 07:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/09 03:21:37 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/09 03:21:36 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/01/09 03:21:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2012/01/09 03:21:29 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/01/09 03:21:28 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/01/09 03:21:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2012/01/09 03:21:21 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2012/01/09 03:21:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2012/01/09 03:20:59 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/01/09 03:20:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/01/09 03:20:51 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/01/09 03:20:49 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2012/01/09 03:20:48 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/01/09 03:20:41 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2012/01/09 03:20:39 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2012/01/09 03:20:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/01/09 03:20:36 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/01/09 03:20:33 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2012/01/09 03:20:31 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2012/01/09 03:20:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2012/01/09 03:20:26 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2012/01/09 03:20:25 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2012/01/09 03:20:23 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2012/01/09 03:20:21 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/01/09 03:20:20 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/01/09 03:20:19 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/01/09 03:20:11 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/01/09 03:20:09 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/01/09 03:20:08 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/01/09 03:20:08 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/01/09 03:20:07 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2012/01/09 03:20:05 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2012/01/09 03:20:01 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2012/01/09 03:20:00 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/01/09 03:19:59 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2012/01/09 03:19:58 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2012/01/09 03:19:56 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2012/01/09 03:19:55 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/01/09 03:19:54 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/01/09 03:19:53 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/01/09 03:19:50 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2012/01/09 03:19:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/01/09 03:19:47 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2012/01/09 03:19:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/01/09 03:19:41 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/01/09 03:19:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2012/01/09 03:19:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2012/01/09 03:19:36 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2012/01/09 03:19:36 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/01/09 03:19:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2012/01/09 03:19:35 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2012/01/09 03:19:34 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2012/01/09 03:19:33 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/01/09 03:19:33 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2012/01/09 03:19:32 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/01/09 03:19:31 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2012/01/09 03:19:29 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2012/01/09 03:19:24 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/01/09 03:19:24 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/01/09 03:19:24 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/01/09 03:19:23 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/01/09 03:19:22 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/01/09 03:19:21 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/01/09 03:19:20 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2012/01/09 03:19:20 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2012/01/09 03:19:19 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/01/09 03:19:18 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2012/01/09 03:19:16 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2012/01/09 03:19:15 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2012/01/09 03:19:14 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2012/01/09 03:19:13 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2012/01/09 03:19:12 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/01/09 03:19:09 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/01/09 03:19:09 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/01/09 03:19:07 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/09 03:19:04 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/01/09 03:19:03 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/01/09 03:18:56 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2012/01/09 03:18:54 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2012/01/09 03:18:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/01/09 03:18:52 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/01/09 03:18:48 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2012/01/09 03:18:47 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2012/01/09 03:18:46 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2012/01/09 03:18:45 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2012/01/09 03:18:44 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2012/01/09 03:18:43 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2012/01/09 03:18:42 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2012/01/09 03:18:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2012/01/09 03:18:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2012/01/09 03:18:40 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2012/01/09 03:18:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2012/01/09 03:18:39 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/01/09 03:18:38 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/01/09 03:18:37 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/01/09 03:18:35 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/01/09 03:18:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/01/09 03:18:31 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/01/09 03:18:27 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2012/01/09 03:18:24 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2012/01/09 03:18:23 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2012/01/09 03:18:22 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/01/09 03:18:20 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2012/01/09 03:18:19 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2012/01/09 03:18:18 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2012/01/09 03:18:18 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2012/01/09 03:18:17 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2012/01/09 03:18:15 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/01/09 03:18:14 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2012/01/09 03:18:05 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/01/09 03:18:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/01/09 03:18:02 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/01/09 03:18:02 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/01/09 03:18:01 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/01/09 03:18:01 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/01/09 03:17:59 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/01/09 03:17:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/01/09 03:17:57 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/01/09 03:17:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/01/09 03:17:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2012/01/09 03:17:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2012/01/09 03:17:44 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/01/09 03:17:43 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/01/09 03:17:42 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2012/01/09 03:17:42 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/01/09 03:17:42 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2012/01/09 03:17:40 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2012/01/09 03:17:40 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2012/01/09 03:17:40 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/01/09 03:17:39 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2012/01/09 03:17:39 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2012/01/09 03:17:38 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2012/01/09 03:17:37 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2012/01/09 03:17:29 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/01/09 03:17:28 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/01/09 03:17:28 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/01/09 03:17:28 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/01/09 03:17:27 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2012/01/09 03:17:23 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2012/01/09 03:17:23 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/01/09 03:17:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2012/01/09 03:17:18 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2012/01/09 03:17:17 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2012/01/09 03:17:12 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/01/09 03:17:11 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2012/01/09 03:17:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/01/09 03:17:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/01/09 03:17:07 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/01/09 03:17:07 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/01/09 03:17:04 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/01/09 03:17:03 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/01/09 03:17:02 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/01/09 03:17:01 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/01/09 03:17:00 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/01/09 03:16:59 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/01/09 03:16:58 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/01/09 03:16:57 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/01/09 03:16:57 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/01/09 03:16:57 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/01/09 03:16:56 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/01/09 03:16:56 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/01/09 03:16:54 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/01/09 03:16:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/01/09 03:16:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/09 03:16:47 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/09 03:16:42 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/01/09 03:16:42 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/01/09 03:16:41 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/01/09 03:16:38 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/01/09 03:16:37 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/01/09 03:16:34 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/09 03:16:33 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/01/09 03:16:32 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/01/09 03:16:23 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/01/09 03:16:19 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/01/09 03:16:19 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/01/09 03:16:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/01/09 03:16:17 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/01/09 03:16:09 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2012/01/09 03:16:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2012/01/09 03:16:07 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2012/01/09 03:16:06 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2012/01/09 03:16:05 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2012/01/09 03:16:03 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/01/09 03:16:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/01/09 03:16:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/01/09 03:16:00 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/01/09 03:15:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/01/09 03:15:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/01/09 03:15:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/01/09 03:15:52 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/01/09 03:15:49 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/01/09 03:15:48 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/01/09 03:15:46 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/01/09 03:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/01/09 03:15:34 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2012/01/09 03:15:33 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2012/01/09 03:15:33 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2012/01/09 03:15:32 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2012/01/09 03:15:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2012/01/09 03:15:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2012/01/09 03:15:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2012/01/09 03:15:27 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/01/09 03:15:26 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/01/09 03:15:24 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/01/09 03:15:22 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/01/09 03:15:21 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2012/01/09 03:15:20 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2012/01/09 03:15:19 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2012/01/09 03:15:18 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/01/09 03:15:17 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2012/01/09 03:15:16 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2012/01/09 03:15:16 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2012/01/09 03:15:15 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/01/09 03:15:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/01/09 03:15:12 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/01/09 03:15:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2012/01/09 03:15:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2012/01/09 03:15:07 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2012/01/09 03:15:06 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2012/01/09 03:15:06 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2012/01/09 03:15:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2012/01/09 03:15:05 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2012/01/09 03:15:05 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2012/01/09 03:15:04 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2012/01/09 03:15:04 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2012/01/09 03:15:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2012/01/09 03:15:03 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/01/09 03:15:03 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/01/09 03:15:02 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/01/09 03:15:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/01/09 03:14:57 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2012/01/09 03:14:52 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2012/01/09 03:14:51 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2012/01/09 03:14:46 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/01/09 03:14:38 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2012/01/09 03:14:38 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2012/01/09 03:14:36 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/01/09 03:14:33 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/01/09 03:14:32 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/01/09 03:14:30 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2012/01/09 03:14:29 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/01/09 03:14:25 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2012/01/09 03:14:23 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/01/09 03:14:22 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/01/09 03:14:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2012/01/09 03:14:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/01/09 03:14:16 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/01/09 03:14:15 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/01/09 03:14:14 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/01/09 03:14:13 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/01/09 03:14:12 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/01/09 03:14:11 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2012/01/09 03:14:10 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2012/01/09 03:14:09 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/01/09 03:14:09 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/01/09 03:14:08 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/01/09 03:14:07 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/01/09 03:14:06 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/01/09 03:14:04 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2012/01/09 03:13:54 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/01/09 03:13:51 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2012/01/09 03:13:46 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/01/09 03:13:43 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/01/09 03:13:36 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2012/01/09 03:13:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2012/01/09 03:13:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2012/01/09 03:13:28 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/01/09 03:13:25 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012/01/09 03:13:22 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/01/09 03:13:17 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2012/01/09 03:13:12 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2012/01/09 03:13:11 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2012/01/09 03:13:05 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/01/09 03:13:04 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2012/01/09 03:13:04 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2012/01/09 03:13:03 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/01/09 03:13:00 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2012/01/09 03:12:58 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2012/01/09 03:12:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2012/01/09 03:12:56 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2012/01/09 03:12:54 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2012/01/09 03:12:53 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2012/01/09 03:12:51 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/01/09 03:12:50 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/01/09 03:12:49 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/01/09 03:12:49 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/01/09 03:12:48 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/01/09 03:12:47 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/01/09 03:12:46 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/01/09 03:12:44 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2012/01/09 03:12:41 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/01/09 03:12:41 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/01/09 03:12:40 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/01/09 03:12:39 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/01/09 03:12:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/01/09 03:12:37 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/01/09 03:12:36 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/01/09 03:12:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2012/01/09 03:12:30 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/01/09 03:12:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/01/09 03:11:49 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/01/09 03:11:48 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2012/01/09 03:11:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2012/01/09 03:11:46 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/01/09 03:11:45 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2012/01/09 03:11:44 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/01/09 03:11:38 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2012/01/09 03:11:37 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2012/01/09 03:11:36 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2012/01/09 03:11:35 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2012/01/09 03:11:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012/01/09 03:11:34 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2012/01/09 03:11:19 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/01/09 03:11:18 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2012/01/09 03:11:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2012/01/09 03:11:16 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2012/01/09 03:11:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2012/01/09 03:11:15 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2012/01/09 03:11:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2012/01/09 03:11:14 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2012/01/09 03:11:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2012/01/09 03:11:13 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2012/01/09 03:11:12 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2012/01/09 03:11:11 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2012/01/09 03:11:10 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2012/01/09 03:11:09 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2012/01/09 03:11:06 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2012/01/09 03:11:05 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2012/01/09 03:11:04 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2012/01/09 03:11:03 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2012/01/09 03:11:03 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2012/01/09 03:11:02 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2012/01/09 03:10:55 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2012/01/09 03:10:54 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2012/01/09 03:10:54 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2012/01/09 03:10:53 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2012/01/09 03:10:53 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2012/01/09 03:10:52 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2012/01/09 03:10:51 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2012/01/09 03:10:50 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2012/01/09 03:10:49 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2012/01/09 03:10:48 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2012/01/09 03:10:47 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2012/01/09 03:10:46 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2012/01/09 03:10:46 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2012/01/09 03:10:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2012/01/09 03:10:44 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2012/01/09 03:10:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2012/01/09 03:10:44 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2012/01/09 03:10:43 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2012/01/09 03:10:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2012/01/09 03:10:41 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/01/09 03:10:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2012/01/09 03:10:37 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/01/09 03:10:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2012/01/09 03:10:34 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2012/01/09 03:10:33 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2012/01/09 03:10:30 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2012/01/09 03:10:29 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2012/01/09 03:10:27 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2012/01/09 03:10:24 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2012/01/09 03:10:22 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/09 03:10:21 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/01/09 03:10:20 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/01/09 03:10:18 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2012/01/09 03:10:16 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2012/01/09 03:10:15 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2012/01/09 03:10:15 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2012/01/09 03:10:14 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2012/01/09 03:10:14 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2012/01/09 03:10:13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/01/09 03:09:57 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/01/09 03:09:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/01/09 03:09:56 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/01/09 03:09:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/01/09 03:09:51 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/01/09 03:09:51 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/01/09 03:09:48 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/01/09 03:09:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2012/01/09 03:09:43 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012/01/09 03:09:42 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2012/01/09 03:09:39 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/01/09 03:09:39 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2012/01/09 03:09:38 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/01/09 03:09:37 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/01/09 03:09:35 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2012/01/09 03:09:34 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2012/01/09 03:09:30 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2012/01/09 03:09:29 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2012/01/09 03:09:28 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2012/01/09 03:09:23 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2012/01/09 03:09:22 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2012/01/09 03:09:22 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2012/01/09 03:09:20 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2012/01/09 03:09:19 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2012/01/09 03:09:17 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2012/01/09 03:09:16 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2012/01/09 03:09:15 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2012/01/09 03:09:14 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2012/01/09 03:09:14 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2012/01/09 03:09:13 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2012/01/09 03:09:12 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2012/01/09 03:09:11 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2012/01/09 03:09:10 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2012/01/09 03:09:10 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2012/01/09 03:09:10 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2012/01/09 03:09:09 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2012/01/09 03:09:08 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2012/01/09 03:09:06 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2012/01/09 03:09:03 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2012/01/09 03:09:02 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2012/01/09 03:09:01 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2012/01/09 03:09:01 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2012/01/09 03:09:00 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2012/01/09 03:08:59 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2012/01/09 03:08:58 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2012/01/09 03:08:57 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/01/09 03:08:55 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2012/01/09 03:08:54 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2012/01/09 03:08:53 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2012/01/09 03:08:53 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2012/01/09 03:08:51 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2012/01/09 03:08:51 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2012/01/09 03:08:50 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2012/01/09 03:08:49 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2012/01/09 03:08:48 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2012/01/09 03:08:39 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2012/01/09 03:08:39 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2012/01/09 03:08:38 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2012/01/09 03:08:33 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/01/09 03:08:30 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2012/01/09 03:08:28 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/01/09 03:08:27 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/01/09 03:08:26 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2012/01/09 03:08:25 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/01/09 03:08:24 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/01/09 03:08:18 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/01/09 03:08:17 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/01/09 03:08:16 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/01/09 03:08:16 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/01/09 03:08:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/01/09 03:08:12 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/01/09 03:08:11 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/01/09 03:08:11 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/01/09 03:08:09 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/01/09 03:08:08 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2012/01/09 03:08:07 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2012/01/09 03:08:06 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2012/01/09 03:08:05 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2012/01/09 03:08:04 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2012/01/09 03:08:03 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2012/01/09 03:08:03 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2012/01/09 03:08:02 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2012/01/09 03:08:02 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2012/01/09 03:08:01 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2012/01/09 03:08:00 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2012/01/09 03:08:00 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2012/01/09 03:07:59 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2012/01/09 03:07:56 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2012/01/09 03:07:56 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2012/01/09 03:07:54 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/01/09 03:07:53 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/01/09 03:07:52 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2012/01/09 03:07:51 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2012/01/09 03:07:49 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/01/09 03:07:48 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2012/01/09 03:07:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2012/01/09 03:07:47 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2012/01/09 03:07:46 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2012/01/09 03:07:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2012/01/09 03:07:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2012/01/09 03:07:42 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2012/01/09 03:07:41 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2012/01/09 03:07:38 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2012/01/09 03:07:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2012/01/09 03:07:36 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2012/01/09 03:07:35 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/01/09 03:07:34 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/01/09 03:07:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/01/09 03:07:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/01/09 03:07:33 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/01/09 03:07:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/01/09 03:07:32 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/01/09 03:07:31 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/01/09 03:07:30 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/01/09 03:07:29 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/01/09 03:07:28 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/01/09 03:07:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/01/09 03:07:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/01/09 03:07:26 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2012/01/09 03:07:25 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/09 03:07:24 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/01/09 03:07:23 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/01/09 03:07:22 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/01/09 03:07:20 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/01/09 03:07:19 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/01/09 03:07:17 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/01/09 03:07:13 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/01/09 03:07:12 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/01/09 03:07:11 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2012/01/09 03:07:05 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/01/09 03:07:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/01/09 03:07:02 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2012/01/09 03:07:00 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/01/09 03:06:58 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/01/09 03:06:57 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/01/09 03:06:56 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/01/09 03:06:55 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/01/09 03:06:54 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/01/09 03:06:52 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/01/09 03:06:51 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/01/09 03:06:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/01/09 03:06:42 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/01/09 03:06:41 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/01/09 03:06:40 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/01/09 03:06:39 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/01/09 03:06:38 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/01/09 03:06:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2012/01/09 03:06:35 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/01/09 03:06:34 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/01/09 03:06:33 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/01/09 03:06:32 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/01/09 03:06:30 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/01/09 03:06:29 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/01/09 03:06:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/01/09 03:06:27 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/01/09 03:06:26 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/01/09 03:06:25 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/01/09 03:06:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/01/09 03:06:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/01/09 03:06:21 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/01/09 03:06:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/01/09 03:06:19 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/01/09 03:05:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/01/09 03:05:39 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/01/09 03:05:38 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/01/09 03:05:37 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/01/09 03:05:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/01/09 03:05:35 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/01/09 03:05:34 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/01/09 03:05:33 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/01/09 03:05:32 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/01/09 03:05:30 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/01/09 03:05:29 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/01/09 03:05:28 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/01/09 03:05:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/01/09 03:05:26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/01/09 03:05:25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/01/09 03:05:24 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/01/09 03:05:23 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/01/09 03:05:22 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/01/09 03:05:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/01/09 03:05:20 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/01/09 03:05:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/01/09 03:05:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/01/09 03:05:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/01/09 03:05:14 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/01/09 03:05:13 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/01/09 03:05:13 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/01/09 03:05:12 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/01/09 03:05:10 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/01/09 03:05:09 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/01/09 03:05:08 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/01/09 03:05:07 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/01/09 03:05:06 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/01/09 03:05:05 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/01/09 03:05:04 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/01/09 03:05:03 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/01/09 03:05:02 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/01/09 03:05:01 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/01/09 03:05:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/01/09 03:04:47 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/01/09 03:04:46 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/01/09 03:04:43 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/01/09 03:04:42 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/01/09 03:04:41 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/01/09 03:04:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/01/09 03:04:39 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/01/09 03:04:38 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/01/09 03:04:37 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/01/09 03:04:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/01/09 03:04:31 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/01/09 03:04:30 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/01/09 03:04:28 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/01/09 03:04:28 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/01/09 03:04:27 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/01/09 03:04:23 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/01/09 03:04:22 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/01/09 03:04:21 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/01/09 03:04:19 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/01/09 03:04:18 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/01/09 03:04:17 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/01/09 03:04:16 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/01/09 03:04:15 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/01/09 03:04:14 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/01/09 03:04:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/01/09 03:04:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/01/09 03:02:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/01/09 03:02:56 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/01/09 03:02:55 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/01/09 03:02:54 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/01/09 03:02:53 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/01/09 03:02:51 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/01/09 03:02:50 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/01/09 03:02:49 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/01/09 03:02:47 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/01/09 03:02:46 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/01/09 03:02:45 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/01/09 03:02:44 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/01/09 03:02:43 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/01/09 03:02:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/01/09 03:02:41 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/01/09 03:02:40 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/01/09 03:02:39 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/01/09 03:02:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/01/09 03:02:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/01/09 03:02:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/01/09 03:02:34 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/01/09 03:02:33 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/01/09 03:02:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/01/09 03:02:31 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/01/09 03:02:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/01/09 02:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/01/09 02:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/06 01:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/05 03:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2012/01/05 03:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2012/01/05 03:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/01/04 18:48:24 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2012/01/04 07:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2012/01/04 07:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2012/01/04 07:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/13 03:11:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 02:58:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
[2012/01/13 02:53:29 | 000,386,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 02:53:29 | 000,055,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 02:51:48 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TsingWai\Desktop\tdsskiller.exe
[2012/01/13 02:49:55 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/01/13 02:48:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/12 19:52:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\dds.scr
[2012/01/12 19:43:49 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\TsingWai\defogger_reenable
[2012/01/12 19:41:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\Defogger.exe
[2012/01/12 11:42:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/12 06:05:00 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\TsingWai\Desktop\esetsmartinstaller_enu.exe
[2012/01/11 22:02:58 | 004,378,257 | R--- | M] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\ComboFix.exe
[2012/01/11 21:35:36 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\rkill.scr
[2012/01/11 10:45:05 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/11 01:09:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/11 00:22:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 09:48:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/09 09:48:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/09 04:01:28 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 02:16:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/07 10:00:21 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\My Music.lnk
[2012/01/04 18:48:24 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2011/12/16 22:11:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/01/01 19:54:15 | 000,000,582 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - 執行全系統掃描 - TsingWai.job
[2020/01/01 19:49:22 | 000,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2020/01/01 19:49:22 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/12 20:00:29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\gmer.exe
[2012/01/12 19:43:34 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\TsingWai\defogger_reenable
[2012/01/12 19:41:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\Defogger.exe
[2012/01/11 21:35:37 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\rkill.scr
[2012/01/11 10:45:05 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/09 03:21:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/09 03:21:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/01/09 03:15:55 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/01/09 03:15:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/01/09 03:13:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/01/09 03:10:40 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/01/09 03:10:38 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/01/09 03:10:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/01/09 03:10:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/01/09 03:10:33 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/01/09 03:08:15 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/01/09 03:08:15 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/01/09 03:08:14 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/01/09 03:04:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/01/09 03:04:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/01/09 03:04:53 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/01/09 03:04:52 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/01/09 03:04:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/01/09 03:04:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/01/09 03:04:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/01/09 03:04:48 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/01/09 03:04:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/01/09 03:04:36 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/01/07 17:34:49 | 2027,847,680 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\kindan.iso
[2012/01/07 17:34:49 | 000,004,314 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\kindan.mds
[2012/01/07 10:00:10 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\My Music.lnk
[2012/01/06 01:03:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/23 01:22:50 | 000,000,063 | ---- | C] () -- C:\WINDOWS\kuraidvd.ini
[2011/08/28 02:28:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/28 02:28:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/28 02:28:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/28 02:28:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/28 02:28:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/13 02:05:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/12 14:31:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/06/12 14:31:36 | 000,000,017 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/04/05 21:22:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jzagofiwupuc.dat
[2010/04/05 21:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hfakutilesolasiw.bin
[2009/12/04 01:40:06 | 000,132,429 | ---- | C] () -- C:\WINDOWS\unstall.exe
[2009/08/22 13:01:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\TsingWai\Application Data\setup_ldm.iss
[2009/07/28 23:09:31 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/07/27 01:26:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/26 23:30:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/26 23:30:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/07/26 23:28:05 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\MXWMA.dll
[2009/07/26 18:05:03 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 17:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/26 17:00:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/26 17:00:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/07/26 17:00:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/26 16:51:25 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\fusioncache.dat
[2009/07/26 16:32:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/07/26 16:17:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/26 16:14:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/26 10:57:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/26 10:56:22 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/26 23:30:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/26 23:30:47 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 05:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2003/05/09 16:36:30 | 000,151,744 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
[2002/09/03 11:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 11:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 10:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 10:52:00 | 000,386,272 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 10:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 10:51:54 | 000,055,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 10:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 10:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 10:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 10:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 10:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Files - Unicode (All) ==========
[2011/09/23 01:20:42 | 000,000,000 | ---D | M](C:\Program Files\FlyingShine?) -- C:\Program Files\FlyingShine黒
[2011/09/23 01:20:42 | 000,000,000 | ---D | M](C:\Program Files\FlyingShine?) -- C:\Program Files\FlyingShine黒
[2011/09/13 00:22:27 | 008,087,175 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\??軌跡.mp3) -- C:\Documents and Settings\TsingWai\Desktop\ゼロ軌跡.mp3
[2011/09/08 00:34:59 | 171,575,831 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「????????~小振????????????反逆~」.mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「ぷちパイ・アスカ~小振りなわがままウィザードの反逆~」.mp4
[2011/09/08 00:29:40 | 171,575,831 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「????????~小振????????????反逆~」.mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「ぷちパイ・アスカ~小振りなわがままウィザードの反逆~」.mp4
[2011/08/20 21:36:24 | 008,087,175 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\??軌跡.mp3) -- C:\Documents and Settings\TsingWai\Desktop\ゼロ軌跡.mp3
[2011/08/04 00:33:02 | 000,000,000 | ---D | M](C:\禁??病棟) -- C:\禁断の病棟
[2011/08/03 22:48:01 | 000,040,492 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa
[2011/08/03 19:12:06 | 000,040,492 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa
[2011/08/03 19:03:02 | 824,781,826 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv
[2011/08/02 01:49:45 | 000,000,000 | ---D | C](C:\禁??病棟) -- C:\禁断の病棟
[2011/07/27 01:01:11 | 106,644,471 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園3~華麗???辱[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園3~華麗なる悦辱[854x480][x264_aac][mp4] .mp4
[2011/07/27 00:56:54 | 106,644,471 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園3~華麗???辱[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園3~華麗なる悦辱[854x480][x264_aac][mp4] .mp4
[2011/07/10 19:07:33 | 129,786,363 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女??? Vol.01「???、????!」[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女えれな Vol.01「えれな、イキます!」[854x480][x264_aac][mp4].mp4
[2011/07/10 19:02:18 | 129,786,363 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女??? Vol.01「???、????!」[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女えれな Vol.01「えれな、イキます!」[854x480][x264_aac][mp4].mp4
[2011/07/03 14:43:36 | 145,778,508 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??????夜 第一?「????捕縛」」[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]くのいち・咲夜 第一巻「くのいち捕縛」」[720x480][x264_aac][mp4].mp4
[2011/06/26 18:03:50 | 147,340,139 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]-桃音-貴方???????[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]-桃音-貴方だけこんばんわ[854x480][x264_aac][mp4].mp4
[2011/06/26 17:57:53 | 147,340,139 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]-桃音-貴方???????[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]-桃音-貴方だけこんばんわ[854x480][x264_aac][mp4].mp4
[2011/06/26 17:19:30 | 086,366,805 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Bust to Bust-??????- ?????????腐?????美味??????[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Bust to Bust-ちちはちちに- 続・ちょっとくらい腐ってるのが美味いんですよ?[854x480][x264_aac][mp4].mp4
[2011/06/26 17:16:04 | 086,366,805 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Bust to Bust-??????- ?????????腐?????美味??????[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Bust to Bust-ちちはちちに- 続・ちょっとくらい腐ってるのが美味いんですよ?[854x480][x264_aac][mp4].mp4
[2011/06/26 00:12:39 | 098,067,508 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]H??????好?????~ 二甘 Sweet Home~02[854x480][x264_aac].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Hなお姉さんは好きですか?~ 二甘 Sweet Home~02[854x480][x264_aac].mp4
[2011/06/26 00:08:41 | 098,067,508 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]H??????好?????~ 二甘 Sweet Home~02[854x480][x264_aac].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]Hなお姉さんは好きですか?~ 二甘 Sweet Home~02[854x480][x264_aac].mp4
[2011/06/25 23:23:19 | 242,623,326 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]山??花 -真?-[DVDrip][848x480][x264_aac][mkv].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]山姫の花 -真穂-[DVDrip][848x480][x264_aac][mkv].mkv
[2011/06/25 23:13:30 | 242,623,326 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]山??花 -真?-[DVDrip][848x480][x264_aac][mkv].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]山姫の花 -真穂-[DVDrip][848x480][x264_aac][mkv].mkv
[2011/05/20 01:39:01 | 146,019,215 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]15美少女漂流? 3[854x480][x264_aac][mkv].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]15美少女漂流记 3[854x480][x264_aac][mkv].mkv
[2011/05/20 01:32:35 | 146,019,215 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]15美少女漂流? 3[854x480][x264_aac][mkv].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]15美少女漂流记 3[854x480][x264_aac][mkv].mkv
[2011/05/06 01:05:56 | 136,525,663 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??????部 ~第一話 山崎鈴子?桂木愛子~[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]りんかん倶楽部 ~第一話 山崎鈴子と桂木愛子~[854x480][x264_aac][mp4] .mp4
[2011/05/06 01:00:25 | 136,525,663 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??????部 ~第一話 山崎鈴子?桂木愛子~[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]りんかん倶楽部 ~第一話 山崎鈴子と桂木愛子~[854x480][x264_aac][mp4] .mp4
[2011/04/11 00:53:42 | 146,012,210 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB] 少女?機 ????????? 「美神?落??=?????」[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB] 少女戦機 ブレインジャッカー 「美神陥落リン=カイフォン」[720x480][x264_aac][mp4].mp4
[2011/04/11 00:47:48 | 146,012,210 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB] 少女?機 ????????? 「美神?落??=?????」[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB] 少女戦機 ブレインジャッカー 「美神陥落リン=カイフォン」[720x480][x264_aac][mp4].mp4
[2011/03/27 01:30:31 | 077,835,361 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園 3 ~華麗???辱~ THE ANIMATION EPISODE01[720x480][x264_aac][mp4](2).mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園 3 ~華麗なる悦辱~ THE ANIMATION EPISODE01[720x480][x264_aac][mp4](2).mp4
[2011/03/27 01:27:23 | 077,835,361 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園 3 ~華麗???辱~ THE ANIMATION EPISODE01[720x480][x264_aac][mp4](2).mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園 3 ~華麗なる悦辱~ THE ANIMATION EPISODE01[720x480][x264_aac][mp4](2).mp4
[2011/03/23 22:05:22 | 003,996,074 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\KOKIA - ?????.mp3) -- C:\Documents and Settings\TsingWai\Desktop\KOKIA - ありがとう.mp3
[2011/03/23 21:32:14 | 003,996,074 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\KOKIA - ?????.mp3) -- C:\Documents and Settings\TsingWai\Desktop\KOKIA - ありがとう.mp3
[2011/03/20 02:00:23 | 089,748,479 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]綾音-貴方???????[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]綾音-貴方だけこんばんわ[720x480][x264_aac][mp4].mp4
[2011/03/20 01:56:47 | 089,748,479 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]綾音-貴方???????[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]綾音-貴方だけこんばんわ[720x480][x264_aac][mp4].mp4
[2011/03/18 19:10:11 | 144,301,861 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]吸尻鬼 上? 淫肛??望??一族[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]吸尻鬼 上巻 淫肛を渇望する一族[720x480][x264_aac][mp4].mp4
[2011/03/18 19:04:25 | 144,301,861 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]吸尻鬼 上? 淫肛??望??一族[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]吸尻鬼 上巻 淫肛を渇望する一族[720x480][x264_aac][mp4].mp4
[2011/03/05 03:35:04 | 145,778,508 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??????夜 第一?「????捕縛」」[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]くのいち・咲夜 第一巻「くのいち捕縛」」[720x480][x264_aac][mp4].mp4
[2011/02/26 18:36:51 | 074,654,837 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??×2[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]オナ×2[720x480][x264_aac][mp4].mp4
[2011/02/26 18:33:54 | 074,654,837 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]??×2[720x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]オナ×2[720x480][x264_aac][mp4].mp4
[2011/01/19 21:23:56 | 000,000,000 | ---D | M](C:\Documents and Settings\TsingWai\Desktop\eufonius - 比翼?羽根) -- C:\Documents and Settings\TsingWai\Desktop\eufonius - 比翼の羽根
[2011/01/19 21:23:54 | 000,000,000 | ---D | C](C:\Documents and Settings\TsingWai\Desktop\eufonius - 比翼?羽根) -- C:\Documents and Settings\TsingWai\Desktop\eufonius - 比翼の羽根
[2010/12/25 12:04:13 | 824,781,826 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv
[2010/08/09 01:49:56 | 000,000,000 | ---D | M](C:\Documents and Settings\TsingWai\???? ????) -- C:\Documents and Settings\TsingWai\スタート メニュー
[2010/06/27 12:02:56 | 000,000,720 | ---- | M] ()(C:\Documents and Settings\TsingWai\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee 网???.lnk) -- C:\Documents and Settings\TsingWai\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee 网络电视.lnk
[2010/06/27 12:02:56 | 000,000,720 | ---- | C] ()(C:\Documents and Settings\TsingWai\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee 网???.lnk) -- C:\Documents and Settings\TsingWai\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee 网络电视.lnk
[2010/03/14 01:35:23 | 016,137,635 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[星辰往人小?]灼眼的夏娜小?1-18卷 外? (附豪??集).rar) -- C:\Documents and Settings\TsingWai\Desktop\[星辰往人小组]灼眼的夏娜小说1-18卷 外传 (附豪华图集).rar
[2010/03/14 01:09:20 | 016,137,635 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[星辰往人小?]灼眼的夏娜小?1-18卷 外? (附豪??集).rar) -- C:\Documents and Settings\TsingWai\Desktop\[星辰往人小组]灼眼的夏娜小说1-18卷 外传 (附豪华图集).rar
[2009/09/15 19:51:58 | 000,000,912 | ---- | M] ()(C:\Documents and Settings\TsingWai\My Documents\?????@???????.lnk) -- C:\Documents and Settings\TsingWai\My Documents\ァレェコヲ@・ホク・ニァィ.lnk
[2009/09/15 19:51:58 | 000,000,912 | ---- | C] ()(C:\Documents and Settings\TsingWai\My Documents\?????@???????.lnk) -- C:\Documents and Settings\TsingWai\My Documents\ァレェコヲ@・ホク・ニァィ.lnk
[2009/07/29 02:16:04 | 000,000,000 | ---D | M](C:\Documents and Settings\TsingWai\Desktop\(同人???)[090608]「???????? 」???????「DL版」) -- C:\Documents and Settings\TsingWai\Desktop\(同人ゲーム)[090608]「ディーゼルマイン 」はじめてどうし「DL版」
[2009/07/29 02:01:02 | 000,000,000 | ---D | C](C:\Documents and Settings\TsingWai\Desktop\(同人???)[090608]「???????? 」???????「DL版」) -- C:\Documents and Settings\TsingWai\Desktop\(同人ゲーム)[090608]「ディーゼルマイン 」はじめてどうし「DL版」
(C:\Program Files\FlyingShine?) -- C:\Program Files\FlyingShine黒
(C:\Documents and Settings\TsingWai\Start Menu\Programs\禁??病棟) -- C:\Documents and Settings\TsingWai\Start Menu\Programs\禁断の病棟
(C:\Documents and Settings\TsingWai\???? ????) -- C:\Documents and Settings\TsingWai\スタート メニュー
(C:\Documents and Settings\All Users\Start Menu\Programs\FlyingShine?) -- C:\Documents and Settings\All Users\Start Menu\Programs\FlyingShine黒

< End of report >

OTL Extras logfile created on: 1/13/2012 3:01:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TsingWai\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 53.73% Memory free
4.47 Gb Paging File | 3.29 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 9.05 Gb Free Space | 16.84% Space Free | Partition Type: NTFS
Drive D: | 39.44 Gb Total Space | 3.65 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 780.56 Gb Free Space | 83.79% Space Free | Partition Type: NTFS
Drive V: | 15.09 Gb Total Space | 0.24 Gb Free Space | 1.62% Space Free | Partition Type: FAT32

Computer Name: TSING-WZK1EYHAL | User Name: TsingWai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"18110:TCP" = 18110:TCP:*:Enabled:BitComet 18110 TCP
"18110:UDP" = 18110:UDP:*:Enabled:BitComet 18110 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.EXE:*:Enabled:AGE2_X1 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\DPLAY61A.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\DPLAY61A.EXE:*:Enabled:DPLAY61A -- (Microsoft Corporation)
"C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 、Wク・uィ
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F7D702-6641-4555-B998-B971CB2D5EC4}" = 淫烙の巫女
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47AD10CC-88A8-4B41-8331-51298579830C}" = SymNet
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C8DE96A-0AB8-4B3F-AA53-BF902FB54811}" = 姦獄学園
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = san11
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6963450-7577-4049-8793-2B66B85237C1}" = ATI Catalyst Control Center
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F12B2B6E-E8F6-4B95-8A9D-7C14FFFC2D29}" = Symantec Real Time Storage Protection Component
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Babylon" = Babylon
"BitComet" = BitComet 1.26
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"lavfilters_is1" = LAV Filters 0.37
"LiveVDO plugin" = LiveVDO plugin 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 zh-TW)" = Mozilla Firefox 9.0.1 (x86 zh-TW)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero 7_is1" = Nero Burning ROM 7.0.8.2
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rainlendar" = Rainlendar (remove only)
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"szPlayer" = szPlayer 1.2.3.9
"Unicode-At-on" = Unicode-At-on (BIG5 Extension) 2.40 alpha3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 壓縮工具
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"弊祩11哏薯樓唳NETSHOW俇淕唳_is1" = 弊祩11哏薯樓唳NETSHOW俇淕唳

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = 三國志11
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2012 3:09:30 AM | Computer Name = TSING-WZK1EYHAL | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2012 3:14:11 AM | Computer Name = TSING-WZK1EYHAL | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/11/2012 3:16:38 AM | Computer Name = TSING-WZK1EYHAL | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

Error - 1/11/2012 12:45:06 PM | Computer Name = TSING-WZK1EYHAL | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/12/2012 2:20:59 PM | Computer Name = TSING-WZK1EYHAL | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 384384e2-f558-4b18-9414-8ce672917b472c4e16d8-4c25-4211-93b7-fb9ed7e566a4,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 1/12/2012 2:21:08 PM | Computer Name = TSING-WZK1EYHAL | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 384384e2-f558-4b18-9414-8ce672917b472c4e16d8-4c25-4211-93b7-fb9ed7e566a4,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 1/12/2012 2:37:09 PM | Computer Name = TSING-WZK1EYHAL | Source = EventSystem | ID = 4613
Description = The COM+ Event System detected an unexpected error from a Win32 API
call at line 819 of d:\comxp_sp3\com\com1x\src\events\tier2\notify.cpp. A call
to CreateThread failed with error code 8: "Not enough storage is available to process
this command. " Please contact Microsoft Product Support Services to report this
erro

Error - 1/12/2012 2:37:13 PM | Computer Name = TSING-WZK1EYHAL | Source = EventSystem | ID = 4613
Description = The COM+ Event System detected an unexpected error from a Win32 API
call at line 819 of d:\comxp_sp3\com\com1x\src\events\tier2\notify.cpp. A call
to CreateThread failed with error code 8: "Not enough storage is available to process
this command. " Please contact Microsoft Product Support Services to report this
erro

Error - 1/12/2012 2:37:16 PM | Computer Name = TSING-WZK1EYHAL | Source = EventSystem | ID = 4613
Description = The COM+ Event System detected an unexpected error from a Win32 API
call at line 819 of d:\comxp_sp3\com\com1x\src\events\tier2\notify.cpp. A call
to CreateThread failed with error code 8: "Not enough storage is available to process
this command. " Please contact Microsoft Product Support Services to report this
erro

Error - 1/12/2012 2:37:17 PM | Computer Name = TSING-WZK1EYHAL | Source = EventSystem | ID = 4613
Description = The COM+ Event System detected an unexpected error from a Win32 API
call at line 819 of d:\comxp_sp3\com\com1x\src\events\tier2\notify.cpp. A call
to CreateThread failed with error code 8: "Not enough storage is available to process
this command. " Please contact Microsoft Product Support Services to report this
erro

[ System Events ]
Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:48:52 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:50:25 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:50:25 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:50:25 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/13/2012 4:50:25 AM | Computer Name = TSING-WZK1EYHAL | Source = ati2mtag | ID = 43015
Description = I2c return failed


< End of report >

#5 SweetTech

Posted 14 January 2012 - 01:52 AM

Hi!

Please re-run TDSSKiller and allow it to cure this item (if the option to cure is available).

02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:




Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
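The log check that post #5 performs by eye (finding a detection that was left on Skip) can be scripted. The following is an added example, not part of the original post and not Kaspersky's code; it assumes only the line layout visible in the log lines quoted in this thread (timestamp, thread id, message), and the function names are hypothetical.

```python
import re

# Layout seen in the logs quoted in this thread: "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# Detection messages as quoted in post #5: "<object> ( <verdict> ) - <status>".
# Driver lines such as "ACPI (8fd9...) C:\..." do not match: no spaces inside the
# parentheses and no " - " after them.
DETECTION_RE = re.compile(r"^(?P<object>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
ACTION_PREFIX = "User select action:"

# Constructed sample: the two detection lines are the ones quoted in post #5;
# the two driver lines imitate the scan lines of the log in this thread.
SAMPLE_LOG = r"""
02:55:40.0100 3348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:55:40.0300 3348 ACPI - ok
02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
02:55:47.0734 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""


def parse_line(line):
    """Split one log line into (timestamp, thread_id, message), or None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), int(m.group(2)), (m.group(3) or "").strip()


def find_detections(log_text):
    """Group detection lines by (object, verdict) and record the action the user chose."""
    found = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        timestamp, _thread_id, message = parsed
        m = DETECTION_RE.match(message)
        if not m:
            continue
        key = (m.group("object"), m.group("verdict"))
        entry = found.setdefault(key, {
            "object": key[0],
            "verdict": key[1],
            "first_seen": timestamp,
            "statuses": [],
            "action": None,
        })
        status = m.group("status").strip()
        if status.startswith(ACTION_PREFIX):
            # If the log covers several scans, the last recorded choice wins.
            entry["action"] = status[len(ACTION_PREFIX):].strip()
        else:
            entry["statuses"].append(status)
    return list(found.values())


def unresolved(detections):
    """Detections still needing attention: no action recorded, or the action was Skip."""
    return [d for d in detections
            if d["action"] is None or d["action"].lower() == "skip"]


if __name__ == "__main__":
    for d in unresolved(find_detections(SAMPLE_LOG)):
        print(f'{d["first_seen"]}  {d["object"]}  {d["verdict"]}  action={d["action"]}')
```

Run against a saved TDSSKiller log, this prints only the objects that were detected but not acted on, which is the condition that prompted the re-run request above.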


#6 astralboy (Topic Starter)

Posted 14 January 2012 - 11:22 AM

Hi,

Here is the new log of TDSSkiller.

09:36:59.0171 5700 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
09:37:01.0171 5700 ============================================================
09:37:01.0171 5700 Current date / time: 2012/01/14 09:37:01.0171
09:37:01.0171 5700 SystemInfo:
09:37:01.0171 5700
09:37:01.0171 5700 OS Version: 5.1.2600 ServicePack: 3.0
09:37:01.0171 5700 Product type: Workstation
09:37:01.0171 5700 ComputerName: TSING-WZK1EYHAL
09:37:01.0171 5700 UserName: TsingWai
09:37:01.0171 5700 Windows directory: C:\WINDOWS
09:37:01.0171 5700 System windows directory: C:\WINDOWS
09:37:01.0171 5700 Processor architecture: Intel x86
09:37:01.0171 5700 Number of processors: 2
09:37:01.0171 5700 Page size: 0x1000
09:37:01.0171 5700 Boot type: Normal boot
09:37:01.0171 5700 ============================================================
09:37:03.0000 5700 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000, SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
09:37:03.0015 5700 Drive \Device\Harddisk1\DR3 - Size: 0x3C7200000, SectorSize: 0x200, Cylinders: 0x7B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:37:03.0078 5700 Initialize success
09:38:19.0000 5456 ============================================================
09:38:19.0000 5456 Scan started
09:38:19.0000 5456 Mode: Manual; SigCheck; TDLFS;
09:38:19.0000 5456 ============================================================
09:38:52.0687 5456 swenum - ok
09:38:52.0765 5456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:38:52.0968 5456 swmidi - ok
09:38:53.0000 5456 symc810 - ok
09:38:53.0015 5456 symc8xx - ok
09:38:53.0078 5456 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
09:38:53.0093 5456 SYMDNS - ok
09:38:53.0140 5456 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:38:53.0171 5456 SymEvent - ok
09:38:53.0187 5456 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
09:38:53.0218 5456 SYMFW - ok
09:38:53.0234 5456 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
09:38:53.0265 5456 SYMIDS - ok
09:38:53.0421 5456 SYMIDSCO (833cb6f07e4f91be1575fed7711748b9) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20120112.002\SymIDSCo.sys
09:38:53.0453 5456 SYMIDSCO - ok
09:38:53.0625 5456 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
09:38:53.0656 5456 SymIM - ok
09:38:53.0656 5456 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
09:38:53.0687 5456 SymIMMP - ok
09:38:53.0828 5456 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
09:38:53.0890 5456 symlcbrd - ok
09:38:54.0031 5456 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
09:38:54.0078 5456 SYMNDIS - ok
09:38:54.0125 5456 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:38:54.0140 5456 SYMREDRV - ok
09:38:54.0187 5456 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:38:54.0203 5456 SYMTDI - ok
09:38:54.0218 5456 sym_hi - ok
09:38:54.0234 5456 sym_u3 - ok
09:38:54.0281 5456 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:38:54.0359 5456 SynTP - ok
09:38:54.0390 5456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:38:54.0625 5456 sysaudio - ok
09:38:54.0703 5456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:38:54.0812 5456 Tcpip - ok
09:38:54.0937 5456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:38:55.0187 5456 TDPIPE - ok
09:38:55.0234 5456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:38:55.0437 5456 TDTCP - ok
09:38:55.0468 5456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:38:55.0718 5456 TermDD - ok
09:38:55.0765 5456 TosIde - ok
09:38:55.0828 5456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:38:56.0046 5456 Udfs - ok
09:38:56.0078 5456 UIUSys - ok
09:38:56.0093 5456 ultra - ok
09:38:56.0125 5456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:38:56.0375 5456 Update - ok
09:38:56.0421 5456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:38:56.0640 5456 usbccgp - ok
09:38:56.0671 5456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:38:56.0875 5456 usbehci - ok
09:38:56.0984 5456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:38:57.0234 5456 usbhub - ok
09:38:57.0250 5456 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:38:57.0453 5456 usbohci - ok
09:38:57.0531 5456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:38:57.0750 5456 usbprint - ok
09:38:57.0812 5456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:38:58.0015 5456 USBSTOR - ok
09:38:58.0046 5456 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:38:58.0250 5456 usbvideo - ok
09:38:58.0343 5456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:38:58.0562 5456 VgaSave - ok
09:38:58.0687 5456 ViaIde - ok
09:38:58.0750 5456 vmci (5137e48ad1d6ee1e789a20aa49b793e4) C:\WINDOWS\system32\Drivers\vmci.sys
09:38:58.0781 5456 vmci - ok
09:38:58.0859 5456 vmkbd (415a0bc09e9187e3994508968ffef9bf) C:\WINDOWS\system32\drivers\VMkbd.sys
09:38:58.0890 5456 vmkbd - ok
09:38:58.0906 5456 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
09:38:58.0921 5456 VMnetAdapter - ok
09:38:58.0953 5456 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
09:38:58.0984 5456 VMnetBridge - ok
09:38:59.0031 5456 VMnetuserif (24294deae94290431a95bfe0ed5438da) C:\WINDOWS\system32\drivers\vmnetuserif.sys
09:38:59.0046 5456 VMnetuserif - ok
09:38:59.0078 5456 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
09:38:59.0109 5456 vmusb - ok
09:38:59.0187 5456 vmx86 (541f40e9cef74b6a7c766f8f0a838d07) C:\WINDOWS\system32\Drivers\vmx86.sys
09:38:59.0250 5456 vmx86 - ok
09:38:59.0375 5456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:38:59.0578 5456 VolSnap - ok
09:38:59.0718 5456 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
09:38:59.0750 5456 vstor2-ws60 - ok
09:38:59.0828 5456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:39:00.0031 5456 Wanarp - ok
09:39:00.0093 5456 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:39:00.0125 5456 Wdf01000 - ok
09:39:00.0203 5456 WDICA - ok
09:39:00.0265 5456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:39:00.0484 5456 wdmaud - ok
09:39:00.0562 5456 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
09:39:00.0625 5456 winachsf - ok
09:39:00.0734 5456 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:39:00.0921 5456 WmiAcpi - ok
09:39:01.0000 5456 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:39:01.0093 5456 WpdUsb - ok
09:39:01.0125 5456 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:39:01.0343 5456 WS2IFSL - ok
09:39:01.0421 5456 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:39:01.0625 5456 WSTCODEC - ok
09:39:01.0671 5456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:39:01.0734 5456 WudfPf - ok
09:39:01.0828 5456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:39:01.0859 5456 WudfRd - ok
09:39:01.0921 5456 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
09:39:01.0937 5456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:39:01.0937 5456 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:39:01.0968 5456 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:39:01.0968 5456 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:39:01.0984 5456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
09:39:06.0484 5456 \Device\Harddisk1\DR3 - ok
09:39:06.0500 5456 Boot (0x1200) (4d6dfbd35dc1c2110cadffd859494f42) \Device\Harddisk0\DR0\Partition0
09:39:06.0500 5456 \Device\Harddisk0\DR0\Partition0 - ok
09:39:06.0515 5456 Boot (0x1200) (75c6dc4ffbb68eb54078ac78b6db9a5c) \Device\Harddisk0\DR0\Partition1
09:39:06.0515 5456 \Device\Harddisk0\DR0\Partition1 - ok
09:39:06.0531 5456 Boot (0x1200) (04ef8e96e9efe1800a808c06823b3c99) \Device\Harddisk1\DR3\Partition0
09:39:06.0531 5456 \Device\Harddisk1\DR3\Partition0 - ok
09:39:06.0531 5456 ============================================================
09:39:06.0531 5456 Scan finished
09:39:06.0531 5456 ============================================================
09:39:06.0671 4696 Detected object count: 2
09:39:06.0671 4696 Actual detected object count: 2
09:42:17.0562 4696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:42:17.0593 4696 \Device\Harddisk0\DR0 - ok
09:42:17.0593 4696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:42:17.0656 4696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:42:17.0656 4696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:43:16.0312 5836 Deinitialize success

#7 astralboy


Posted 14 January 2012 - 11:27 AM

And here is the log for ComboFix. There is a message saying "Error: Cfiles.dat". Do you have any idea what it means?

ComboFix 12-01-13.05 - TsingWai 4/2012 Sat 9:56.17.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.2686.1868 [GMT -6:00]
執行位置: c:\documents and settings\TsingWai\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( 2011-12-14 至 2012-01-14 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2020-01-02 02:01 . 2020-01-02 02:01 -------- d-sh--w- c:\documents and settings\TsingWai\IETldCache
2020-01-02 01:52 . 2020-01-02 01:52 -------- d-----w- c:\documents and settings\TsingWai\Application Data\Symantec
2020-01-02 01:50 . 2020-01-02 01:50 -------- d-----w- c:\program files\Windows Sidebar
2020-01-02 01:50 . 2009-07-27 01:47 -------- d-----w- c:\program files\Norton Internet Security
2020-01-02 01:49 . 2009-07-30 04:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2020-01-02 01:49 . 2009-07-30 04:05 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2020-01-02 01:49 . 2009-07-30 04:05 -------- d-----w- c:\program files\Symantec
2020-01-02 01:11 . 2012-01-09 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2020-01-02 01:10 . 2012-01-14 16:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-12 04:28 . 2012-01-12 04:28 -------- d-----w- c:\documents and settings\TsingWai\Application Data\Malwarebytes
2012-01-12 04:28 . 2012-01-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-12 04:28 . 2012-01-12 04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 04:28 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 16:38 . 2012-01-11 16:37 -------- d-----w- c:\windows\SDold
2012-01-09 09:21 . 2008-04-14 01:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-09 09:21 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-09 09:21 . 2008-04-14 01:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-01-09 09:21 . 2001-08-18 04:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-01-09 09:21 . 2001-08-18 04:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-01-09 09:21 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-01-09 09:21 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-01-09 09:21 . 2004-08-04 06:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-01-09 09:21 . 2004-08-04 06:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-01-09 09:21 . 2008-04-14 01:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-01-09 09:19 . 2001-08-17 19:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-01-09 09:18 . 2001-08-17 19:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-01-09 09:17 . 2008-04-13 19:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-01-09 09:16 . 2001-08-17 20:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-01-09 09:15 . 2008-04-14 01:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-01-09 09:14 . 2008-04-13 19:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2012-01-09 09:13 . 2008-04-13 19:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-01-09 09:12 . 2001-08-17 18:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2012-01-09 09:11 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-01-09 09:10 . 2001-08-17 19:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-01-09 09:09 . 2001-08-18 04:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-01-09 09:08 . 2001-08-17 18:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2012-01-09 09:07 . 2001-08-18 04:36 65622 -c--a-w- c:\windows\system32\dllcache\digiasyn.dll
2012-01-09 09:06 . 2001-08-17 19:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2012-01-09 09:05 . 2001-08-17 19:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-09 09:04 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2012-01-09 09:02 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-01-09 07:47 . 2012-01-09 18:22 -------- d-----w- c:\documents and settings\Administrator
2012-01-05 09:24 . 2012-01-05 09:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2012-01-05 09:23 . 2012-01-05 09:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2012-01-05 09:23 . 2012-01-05 09:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-01-05 00:48 . 2012-01-05 00:48 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2012-01-04 13:55 . 2012-01-04 13:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2012-01-04 13:54 . 2012-01-04 13:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2012-01-04 13:54 . 2012-01-04 13:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-04 00:28 . 2012-01-04 00:28 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-04 00:28 . 2012-01-04 00:28 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-04 00:28 . 2012-01-04 00:28 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-04 00:28 . 2012-01-04 00:28 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2002-09-03 17:11 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 19:02 . 2011-05-21 01:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2002-09-03 16:50 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2002-09-03 16:50 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2002-09-03 16:32 186880 ----a-w- c:\windows\system32\encdec.dll
2012-01-04 00:28 . 2011-05-06 06:37 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-12_04.20.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-14 15:46 . 2012-01-14 15:46 16384 c:\windows\temp\Perflib_Perfdata_ad8.dat
- 2002-09-03 16:51 . 2012-01-12 04:01 55152 c:\windows\system32\perfc009.dat
+ 2002-09-03 16:51 . 2012-01-14 15:50 55152 c:\windows\system32\perfc009.dat
- 2012-01-11 16:47 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\spcustom.dll
- 2012-01-11 16:47 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spmsg.dll
- 2012-01-11 16:48 . 2008-04-14 00:12 58368 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\backup\sp3qfe\packager.exe
- 2012-01-11 16:48 . 2008-04-14 00:12 58368 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\backup\sp3gdr\packager.exe
- 2012-01-11 16:48 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\spcustom.dll
- 2012-01-11 16:48 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spmsg.dll
- 2012-01-11 16:48 . 2008-04-14 00:11 23040 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3qfe\mciseq.dll
- 2012-01-11 16:48 . 2008-04-14 00:11 23040 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3gdr\mciseq.dll
- 2012-01-11 16:53 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\spcustom.dll
- 2012-01-11 16:53 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spmsg.dll
- 2012-01-11 16:52 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\spcustom.dll
- 2012-01-11 16:52 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spmsg.dll
+ 2012-01-11 16:47 . 2010-07-05 13:15 26488 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\update\spcustom.dll
+ 2012-01-11 16:47 . 2010-07-05 13:15 17272 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\spmsg.dll
+ 2012-01-11 16:48 . 2008-04-14 00:12 58368 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\backup\sp3qfe\packager.exe
+ 2012-01-11 16:48 . 2008-04-14 00:12 58368 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\backup\sp3gdr\packager.exe
+ 2012-01-11 16:48 . 2010-07-05 13:15 26488 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\update\spcustom.dll
+ 2012-01-11 16:48 . 2010-07-05 13:15 17272 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\spmsg.dll
+ 2012-01-11 16:48 . 2008-04-14 00:11 23040 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3qfe\mciseq.dll
+ 2012-01-11 16:48 . 2008-04-14 00:11 23040 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3gdr\mciseq.dll
+ 2012-01-11 16:53 . 2010-07-05 13:15 26488 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\spcustom.dll
+ 2012-01-11 16:53 . 2010-07-05 13:15 17272 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\spmsg.dll
+ 2012-01-11 16:52 . 2010-07-05 13:15 26488 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\spcustom.dll
+ 2012-01-11 16:52 . 2010-07-05 13:15 17272 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spmsg.dll
- 2009-07-27 06:35 . 2012-01-11 04:52 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2003-06-13 22:23 . 2003-06-13 22:23 81408 c:\windows\AppPatch\AlLayer.dll
+ 2003-06-13 23:23 . 2003-06-13 23:23 81408 c:\windows\AppPatch\AlLayer.dll
- 2002-09-03 16:52 . 2012-01-12 04:01 386272 c:\windows\system32\perfh009.dat
+ 2002-09-03 16:52 . 2012-01-14 15:50 386272 c:\windows\system32\perfh009.dat
- 2012-01-11 16:47 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\updspapi.dll
- 2012-01-11 16:47 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\update.exe
- 2012-01-11 16:47 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spuninst.exe
- 2012-01-11 16:48 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\updspapi.dll
- 2012-01-11 16:48 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\update.exe
- 2012-01-11 16:48 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spuninst.exe
- 2012-01-11 16:48 . 2008-04-14 00:12 176128 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3qfe\winmm.dll
- 2012-01-11 16:48 . 2008-04-14 00:12 176128 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3gdr\winmm.dll
- 2012-01-11 16:53 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\updspapi.dll
- 2012-01-11 16:53 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\update.exe
- 2012-01-11 16:53 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spuninst.exe
- 2012-01-11 16:53 . 2011-06-20 17:44 293376 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\backup\sp3qfe\winsrv.dll
- 2012-01-11 16:53 . 2011-06-20 17:44 293376 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\backup\sp3gdr\winsrv.dll
- 2012-01-11 16:52 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\updspapi.dll
- 2012-01-11 16:52 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\update.exe
- 2012-01-11 16:52 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spuninst.exe
- 2012-01-11 16:53 . 2008-04-14 00:12 386048 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3qfe\qdvd.dll
- 2012-01-11 16:53 . 2008-04-14 00:12 386048 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3gdr\qdvd.dll
+ 2012-01-11 16:47 . 2010-07-05 13:16 382840 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\update\updspapi.dll
+ 2012-01-11 16:47 . 2010-07-05 13:15 755576 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\update\update.exe
+ 2012-01-11 16:47 . 2010-07-05 13:15 231288 c:\windows\SDold\Download\aed4d56139363b579c1082a39bd5dcdd\spuninst.exe
+ 2011-11-22 17:57 . 2011-11-22 17:57 496512 c:\windows\SDold\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\windowsxp-kb2603381-x86-enu.exe
+ 2012-01-11 16:48 . 2010-07-05 13:16 382840 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\update\updspapi.dll
+ 2012-01-11 16:48 . 2010-07-05 13:15 755576 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\update\update.exe
+ 2012-01-11 16:48 . 2010-07-05 13:15 231288 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\spuninst.exe
+ 2012-01-11 16:48 . 2008-04-14 00:12 176128 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3qfe\winmm.dll
+ 2012-01-11 16:48 . 2008-04-14 00:12 176128 c:\windows\SDold\Download\21156e54b0f0f47f81dab4a39e109501\backup\sp3gdr\winmm.dll
+ 2012-01-11 16:53 . 2010-07-05 13:16 382840 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\updspapi.dll
+ 2012-01-11 16:53 . 2010-07-05 13:15 755576 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\update.exe
+ 2012-01-11 16:53 . 2010-07-05 13:15 231288 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\spuninst.exe
+ 2012-01-11 16:53 . 2011-06-20 17:44 293376 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\backup\sp3qfe\winsrv.dll
+ 2012-01-11 16:53 . 2011-06-20 17:44 293376 c:\windows\SDold\Download\163d01893aa68b49abc63d8d6c9a7bb2\backup\sp3gdr\winsrv.dll
+ 2012-01-11 16:52 . 2010-07-05 13:16 382840 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\updspapi.dll
+ 2012-01-11 16:52 . 2010-07-05 13:15 755576 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\update.exe
+ 2012-01-11 16:52 . 2010-07-05 13:15 231288 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spuninst.exe
+ 2012-01-11 16:53 . 2008-04-14 00:12 386048 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3qfe\qdvd.dll
+ 2012-01-11 16:53 . 2008-04-14 00:12 386048 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3gdr\qdvd.dll
- 2009-07-27 06:35 . 2012-01-11 04:52 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2012-01-11 16:53 . 2010-02-05 18:27 1291776 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3qfe\quartz.dll
- 2012-01-11 16:53 . 2010-02-05 18:27 1291776 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3gdr\quartz.dll
+ 2012-01-11 16:53 . 2010-02-05 18:27 1291776 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3qfe\quartz.dll
+ 2012-01-11 16:53 . 2010-02-05 18:27 1291776 c:\windows\SDold\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\backup\sp3gdr\quartz.dll
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\6f79dd.msp
- 2009-07-27 06:35 . 2012-01-11 04:52 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-27 06:35 . 2012-01-12 05:57 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-27 06:35 . 2012-01-11 04:52 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-04-14 08:03 . 2012-01-12 17:44 52128560 c:\windows\system32\MRT.exe
.
-- 快照技術重新設置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\TsingWai\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\TsingWai\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\TsingWai\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\TsingWai\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\TsingWai\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2004-5-9 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-7-26 25214]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-22 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-27 22:54 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\DPLAY61A.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\TsingWai\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18110:TCP"= 18110:TCP:BitComet 18110 TCP
"18110:UDP"= 18110:UDP:BitComet 18110 UDP
.
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/24/2007 3:07 PM 149352]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/28/2008 10:08 PM 54960]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 6:55 AM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/5/2012 1:12 AM 106104]
R3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/26/2009 5:07 PM 721904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
‘計劃任務’ 文件夾 裡的內容
.
2011-06-20 c:\windows\Tasks\Norton Internet Security - 執行全系統掃描 - TsingWai.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 17:19]
.
.
------- 而外的掃描 -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: 下載編碼內容(S&martGet) - c:\documents and settings\TsingWai\Desktop\SmartGet1.5\dl_text.html
IE: 使用S&martGet下載 - c:\documents and settings\TsingWai\Desktop\SmartGet1.5\dl_link.htm
IE: 使用UUSee下? - c:\program files\uusee\geturltodown.htm
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 全部使用Smart&Get下載 - c:\documents and settings\TsingWai\Desktop\SmartGet1.5\dl_all.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TsingWai\Application Data\Mozilla\Firefox\Profiles\7ib66198.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 10:11
Windows 5.1.2600 Service Pack 3 NTFS
.
掃描被隱藏的進程 ...
.
掃描被隱藏的啟動組 ...
.
掃描被隱藏的文件 ...
.
掃描完成
被隱藏的檔案: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Koei\ N W莤1*1*]
"Order"=hex:08,00,00,00,02,00,00,00,8c,00,00,00,01,00,00,00,01,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_USERS\S-1-5-21-2025429265-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\???\十jn0sY???D*L*Hr]
"Order"=hex:08,00,00,00,02,00,00,00,0e,01,00,00,01,00,00,00,02,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\
.
[HKEY_USERS\S-1-5-21-2025429265-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\f?&b虥*0)Y"Y]
"Order"=hex:08,00,00,00,02,00,00,00,14,01,00,00,01,00,00,00,02,00,00,00,84,00,
00,00,00,00,00,00,76,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,64,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\f?&b虥*0)Y"Y]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,b0,9e,cf,00,00,00,00,1c,d4,61,
c1,2a,0f,ca,01,01,00,00,00,43,00,3a,00,5c,00,4c,00,69,00,4c,00,69,00,4d,00,\
"Changed"=dword:00000000
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\TsingWai\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
完成時間: 2012-01-14 10:17:33
ComboFix-quarantined-files.txt 2012-01-14 16:17
ComboFix2.txt 2012-01-12 04:24
ComboFix3.txt 2012-01-09 08:24
ComboFix4.txt 2012-01-07 20:45
ComboFix5.txt 2012-01-14 15:55
.
Pre-Run: 9,908,940,800 bytes free
Post-Run: 10,955,264,000 bytes free
.
- - End Of File - - 3B9CC4362B9C8BD222CC79F00DD28797

#8 SweetTech

Posted 14 January 2012 - 11:52 AM

Hi!

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 astralboy

  • Topic Starter

Posted 14 January 2012 - 02:38 PM

Hi,

Thanks for spending time looking at the log files from the different tools :thumbup2:
First, Malwarebytes' did not find anything in a quick scan. Here is the log file.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TsingWai :: TSING-WZK1EYHAL [administrator]

1/14/2012 11:04:59 AM
mbam-log-2012-01-14 (11-04-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186194
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 astralboy

  • Topic Starter

Posted 14 January 2012 - 02:47 PM

Then, ESET OnlineScan found a long list of suspicious objects. In the first four lines, the question marks are the file name "my received files" of MSN messenger in Chinese characters. Somehow they are not displayed correctly. Most of the suspicious objects are mp3 files. Is it possible to have any Trojan or virus in these files? Or are they just false alarms whose warnings I can safely ignore?

C:\Documents and Settings\TsingWai\My Documents\???????\20- ?????????????????.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\TsingWai\My Documents\???????\Adobe Acrobat 8.1.rar a variant of Win32/Keygen.AH application
C:\Documents and Settings\TsingWai\My Documents\???????\Software.rar Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\TsingWai\My Documents\???????\???????.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1t.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2s.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3k.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3n.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a4b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b1b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b4e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6m.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c1b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c2e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c5g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1n.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e3a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4o.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4y.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e6b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1m.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g3b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g5j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1q.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1u.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1z.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j2a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j4j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\WudfPf.sys.vir Win32/Olmarik.ZC trojan

Lastly, here is the log of Security Check.

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Norton AntiVirus
Norton AntiVirus Help
Norton Internet Security (Symantec Corporation)
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 15
Java version out of date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````
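
The ESET log in this post lists files ending in .mp3 under a detection name that starts with WMA/. As an added example (not part of the thread, and not code from ESET or any other tool named in it), the Python script below parses log lines of that form and checks whether a file's leading bytes are a Windows Media (ASF) header rather than MP3 data. The function names and the sample byte strings are constructed for illustration; reading the first bytes of each flagged file is left to the caller.

```python
import ntpath
import re

# ASF Header Object GUID: the first 16 bytes of a WMA/WMV/ASF file.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# "<path> [a variant of ]<platform>/<name> <type>", the layout of the log above.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<platform>[A-Za-z0-9]+)/(?P<name>\S+)\s+(?P<kind>\w+)$"
)

# One line copied from the log in this thread.
SAMPLE_LINE = (
    r"C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1h.mp3"
    " a variant of WMA/TrojanDownloader.GetCodec.gen trojan"
)


def parse_eset_line(line):
    """Split one ESET log line into path, platform, name and kind."""
    match = ESET_LINE.match(line.strip())
    return match.groupdict() if match else None


def id3v2_length(header):
    """Total length of an ID3v2 tag from its 10-byte header, or None."""
    if len(header) < 10 or header[:3] != b"ID3":
        return None
    size_bytes = header[6:10]
    if any(b & 0x80 for b in size_bytes):  # sizes are 7-bit "syncsafe" values
        return None
    size = 0
    for b in size_bytes:
        size = (size << 7) | b
    footer = 10 if header[5] & 0x10 else 0  # optional footer flag
    return 10 + size + footer


def is_mpeg_audio_frame(two_bytes):
    """True if the bytes look like the start of an MPEG audio frame header."""
    if len(two_bytes) < 2 or two_bytes[0] != 0xFF:
        return False
    if (two_bytes[1] & 0xE0) != 0xE0:  # remaining 3 of the 11 sync bits
        return False
    version = (two_bytes[1] >> 3) & 0x03
    layer = (two_bytes[1] >> 1) & 0x03
    return version != 0x01 and layer != 0x00  # both values are reserved


def sniff_audio(head):
    """Classify leading file bytes as 'asf', 'mp3', 'id3-only' or 'unknown'."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    offset = 0
    if head[:3] == b"ID3":
        offset = id3v2_length(head[:10])
        if offset is None:
            return "unknown"
        if offset >= len(head):
            return "id3-only"  # tag seen, but the buffer ends before the audio
    return "mp3" if is_mpeg_audio_frame(head[offset:offset + 2]) else "unknown"


def triage(line, head):
    """Combine a log line with the file's leading bytes and flag a mismatch."""
    record = parse_eset_line(line)
    if record is None:
        raise ValueError("not an ESET detection line: %r" % line)
    ext = ntpath.splitext(record["path"])[1].lstrip(".").lower()
    sniffed = sniff_audio(head)
    record.update(ext=ext, sniffed=sniffed,
                  mismatch=(ext == "mp3" and sniffed == "asf"))
    return record


if __name__ == "__main__":
    # Constructed byte strings standing in for the first bytes of two files.
    asf_head = ASF_HEADER_GUID + b"\x00" * 14
    mp3_head = b"ID3\x03\x00\x00\x00\x00\x00\x04" + b"\x00" * 4 + b"\xff\xfb\x90\x00"
    for head in (asf_head, mp3_head):
        result = triage(SAMPLE_LINE, head)
        print(result["path"], result["platform"], result["sniffed"], result["mismatch"])
```

A file whose name ends in .mp3 but whose content sniffs as "asf" is a Windows Media container under an MP3 name, which is consistent with the WMA/ prefix in the detection name.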

#11 astralboy

  • Topic Starter

Posted 14 January 2012 - 03:13 PM

Also, an update for the status of my laptop.
Over the past hour, I did not see any security threat message from my Norton, and "svchost.exe" did not take up all the computer resources. Before, it used up over 1Gb of physical memory. Now, it only used ~30 Mb of physical memory.
It seems like removing "Rootkit.Boot.Pihar.b" by TDSSKiller solved the issue.
So, is my laptop clean from any infections?

#12 SweetTech

Posted 15 January 2012 - 03:27 AM

Hi!

"So, is my laptop clean from any infections?"

We still have work to do.

"Most of the suspicious objects are mp3 files. Is it possible to have any Trojan or virus in these files? Or are they just false alarms whose warnings I can safely ignore?"

Yes, it is possible to have infections in these files.

I need you to manually delete these files that were detected.

C:\Documents and Settings\TsingWai\My Documents\???????\20- ?????????????????.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\TsingWai\My Documents\???????\Adobe Acrobat 8.1.rar a variant of Win32/Keygen.AH application
C:\Documents and Settings\TsingWai\My Documents\???????\Software.rar Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\TsingWai\My Documents\???????\???????.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

-------

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\WudfPf.sys.vir Win32/Olmarik.ZC trojan


These threat(s) below will be removed very shortly:

C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1t.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2s.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3k.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3n.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a4b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b1b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b4e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6m.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c1b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c2e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c5g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1n.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e3a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4f.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4o.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4y.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5c.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e6b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1m.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2e.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2h.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g3b.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g5j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6d.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1q.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1u.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1z.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j2a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3g.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j4j.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5a.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5i.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT


OTL Fix

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1j.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1t.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2c.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2s.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3d.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3k.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3n.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a4b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b1b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b4e.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5c.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5d.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5f.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6d.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6i.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6m.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c1b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c2e.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3f.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4c.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c5g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1e.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1n.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2c.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2f.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e3a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4f.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4o.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4y.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5c.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e6b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1m.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2e.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2h.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g3b.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g5j.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6d.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1q.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1u.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1z.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j2a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3g.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3i.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j4j.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5a.mp3
    C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5i.mp3
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 astralboy

Posted 15 January 2012 - 10:03 AM

Hi,

Thanks for your reply. I removed those four files manually and updated Java according to your advice.

Here is the log of running OTL fix.

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1j.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a1t.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2c.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a2s.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3d.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3k.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a3n.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\a4b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b1b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b4e.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5c.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5d.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5f.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b5h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6d.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6i.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\b6m.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c1b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c2e.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c3f.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4c.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c4h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\c5g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1e.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e1n.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2c.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e2f.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e3a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4f.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4o.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e4y.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5c.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e5h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\e6b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g1m.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2e.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g2h.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g3b.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g5j.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6d.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\g6g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1q.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1u.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j1z.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j2a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3g.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j3i.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j4j.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5a.mp3 moved successfully.
C:\Program Files\Microsoft Games\Age of Empires II\Sound\scenario\j5i.mp3 moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\TsingWai\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TsingWai\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 76322 bytes
->FireFox cache emptied: 12854428 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 8749190 bytes
->Flash cache emptied: 24219 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 44939 bytes

User: TsingWai
->Temp folder emptied: 3304551 bytes
->Temporary Internet Files folder emptied: 1251070 bytes
->Java cache emptied: 49108179 bytes
->FireFox cache emptied: 490539121 bytes
->Flash cache emptied: 244462 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 41380 bytes
RecycleBin emptied: 1451302232 bytes

Total Files Cleaned = 1,925.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: TsingWai
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01152012_081735

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JETFADA.tmp not found!

Registry entries deleted on Reboot...

#14 astralboy

Posted 15 January 2012 - 10:05 AM

Next, here is the log of running OTL custom scan.

OTL logfile created on: 1/15/2012 8:45:32 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TsingWai\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 71.78% Memory free
4.47 Gb Paging File | 3.91 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 9.00 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive D: | 39.44 Gb Total Space | 3.36 Gb Free Space | 8.53% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 780.56 Gb Free Space | 83.79% Space Free | Partition Type: NTFS
Drive V: | 15.09 Gb Total Space | 0.39 Gb Free Space | 2.55% Space Free | Partition Type: FAT32

Computer Name: TSING-WZK1EYHAL | User Name: TsingWai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/13 02:58:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
PRC - [2012/01/03 18:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/01 18:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/10/28 22:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/10/28 22:07:58 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/10/28 22:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/28 22:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/05/27 16:57:00 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/27 16:53:06 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/07/27 15:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 15:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/05/09 05:36:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe


========== Modules (No Company Name) ==========

MOD - [2020/01/01 19:45:08 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2020/01/01 19:45:07 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2020/01/01 19:45:07 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2020/01/01 19:45:06 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/10 09:05:06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cf082df9\mscorlib.dll
MOD - [2012/01/10 09:05:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7a559e11\system.drawing.dll
MOD - [2012/01/10 09:04:49 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_58a1843b\system.xml.dll
MOD - [2012/01/10 09:04:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2903b3d7\system.windows.forms.dll
MOD - [2012/01/10 09:04:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2f051726\system.dll
MOD - [2012/01/10 09:04:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/10 09:04:11 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/10 09:04:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/01/03 18:28:49 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/07/23 02:54:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/10/28 22:08:46 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll
MOD - [2008/10/28 22:08:36 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll
MOD - [2007/04/02 06:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/11/01 13:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/17 07:04:50 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/05/09 05:43:25 | 000,348,160 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.dll
MOD - [2004/05/09 05:36:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/07/26 19:16:52 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/28 22:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/10/28 22:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/10/28 22:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/02 17:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/05/27 16:54:28 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 06:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 17:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2012/01/04 18:48:24 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/11/08 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/17 16:22:25 | 000,268,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20120112.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2011/08/28 23:23:49 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120114.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120114.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/29 22:05:10 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/27 01:56:40 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/03/17 11:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/10/28 22:08:58 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/28 22:08:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008/10/28 22:08:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008/10/28 22:08:54 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008/10/28 22:08:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008/10/28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2008/10/28 16:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008/10/28 16:03:28 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/10/02 17:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 09:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/17 07:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002/09/03 10:31:57 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 28 51 7F AD CF CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 19 CE 03 71 51 3A 40 B6 92 AF B7 ED 6F D1 C2 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: cctvplayer-plugin@www.cctv.com:0.11
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9E2E64EB-7D31-4E74-971B-946281FA911F}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{9E2E64EB-7D31-4E74-971B-946281FA911F}\ [2010/07/13 23:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{51863F06-0C9E-4768-802F-47F988452F90}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{51863F06-0C9E-4768-802F-47F988452F90}\ [2010/07/15 11:06:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBE73C1D-79A4-4EC3-B294-7800AF60987E}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{BBE73C1D-79A4-4EC3-B294-7800AF60987E}\ [2010/07/15 19:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C2AF6B38-3212-495A-8D0A-56BA8D7FA668}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{C2AF6B38-3212-495A-8D0A-56BA8D7FA668}\ [2010/07/16 10:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B54B5207-4104-43F1-B405-56DB540C3740}: C:\Documents and Settings\TsingWai\Local Settings\Application Data\{B54B5207-4104-43F1-B405-56DB540C3740}\ [2010/07/18 18:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 18:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 08:07:44 | 000,000,000 | ---D | M]

[2012/01/11 20:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Extensions
[2011/12/07 16:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Firefox\Profiles\7ib66198.default\extensions
[2011/12/07 16:33:50 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\TsingWai\Application Data\Mozilla\Firefox\Profiles\7ib66198.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/11/09 10:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 18:28:50 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/27 07:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/05/06 00:38:00 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2011/05/06 00:38:00 | 000,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2011/05/06 00:38:00 | 000,001,161 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: ([2012/01/09 02:16:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (顯示 Norton 工具列) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (顯示 Norton 工具列) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\TsingWai\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\TsingWai\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\TsingWai\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_text.html ()
O8 - Extra context menu item: 使用S&martGet下載 - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_link.htm ()
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found
O8 - Extra context menu item: 全部使用Smart&Get下載 - C:\Documents and Settings\TsingWai\Desktop\SmartGet1.5\dl_all.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248647074250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A5B5D9E-31C9-4670-8445-9FDCD233E272}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ic32pp - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TsingWai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TsingWai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 16:16:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32.dll ()
Drivers32: vidc.IV45 - C:\WINDOWS\System32\ir41_qc.dll (Intel Corporation.)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2020/01/01 20:01:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\TsingWai\IETldCache
[2020/01/01 19:59:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2020/01/01 19:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Application Data\Symantec
[2020/01/01 19:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2020/01/01 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2020/01/01 19:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2020/01/01 19:49:22 | 000,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2020/01/01 19:49:22 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2020/01/01 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2020/01/01 19:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\My Documents\Symantec
[2020/01/01 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2020/01/01 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/15 08:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\Sun
[2012/01/15 08:17:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/15 08:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/15 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/14 11:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/14 11:17:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/13 02:58:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
[2012/01/13 02:51:42 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TsingWai\Desktop\tdsskiller.exe
[2012/01/12 19:52:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\dds.scr
[2012/01/12 11:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/01/11 22:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Application Data\Malwarebytes
[2012/01/11 22:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 22:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/11 22:28:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 21:43:05 | 004,383,253 | R--- | C] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\ComboFix.exe
[2012/01/11 20:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TsingWai\Desktop\procexp
[2012/01/10 10:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDold
[2012/01/10 07:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/09 03:21:37 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/09 03:21:36 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/01/09 03:21:29 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/01/09 03:21:28 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/01/09 03:20:59 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/01/09 03:20:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/01/09 03:20:51 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/01/09 03:20:36 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/01/09 03:20:21 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/01/09 03:20:20 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/01/09 03:20:19 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/01/09 03:20:11 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/01/09 03:20:09 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/01/09 03:20:08 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/01/09 03:20:08 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/01/09 03:20:00 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/01/09 03:19:55 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/01/09 03:19:54 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/01/09 03:19:53 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/01/09 03:19:41 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/01/09 03:19:36 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/01/09 03:19:33 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/01/09 03:19:32 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/01/09 03:19:24 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/01/09 03:19:24 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/01/09 03:19:24 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/01/09 03:19:23 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/01/09 03:19:22 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/01/09 03:19:21 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/01/09 03:19:12 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/01/09 03:19:09 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/01/09 03:19:09 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/01/09 03:19:07 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/09 03:19:04 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/01/09 03:19:03 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/01/09 03:18:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/01/09 03:18:52 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/01/09 03:18:39 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/01/09 03:18:38 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/01/09 03:18:37 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/01/09 03:18:35 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/01/09 03:18:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/01/09 03:18:22 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/01/09 03:18:05 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/01/09 03:18:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/01/09 03:18:02 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/01/09 03:18:02 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/01/09 03:18:01 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/01/09 03:17:44 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/01/09 03:17:43 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/01/09 03:17:42 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/01/09 03:17:40 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/01/09 03:17:29 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/01/09 03:17:28 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/01/09 03:17:28 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/01/09 03:17:28 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/01/09 03:17:12 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/01/09 03:17:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/01/09 03:17:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/01/09 03:17:02 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/01/09 03:17:01 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/01/09 03:17:00 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/01/09 03:16:59 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/01/09 03:16:58 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/01/09 03:16:57 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/01/09 03:16:57 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/01/09 03:16:57 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/01/09 03:16:56 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/01/09 03:16:54 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/01/09 03:16:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/01/09 03:16:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/09 03:16:47 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/09 03:16:38 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/01/09 03:16:34 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/09 03:16:33 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/01/09 03:16:32 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/01/09 03:16:19 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/01/09 03:16:19 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/01/09 03:16:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/01/09 03:16:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/01/09 03:16:00 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/01/09 03:15:52 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/01/09 03:15:18 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/01/09 03:15:15 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/01/09 03:15:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/01/09 03:15:12 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/01/09 03:15:03 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/01/09 03:15:03 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/01/09 03:15:02 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/01/09 03:15:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/01/09 03:14:46 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/01/09 03:14:33 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/01/09 03:14:32 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/01/09 03:14:29 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/01/09 03:14:23 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/01/09 03:14:22 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/01/09 03:14:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/01/09 03:14:16 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/01/09 03:14:15 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/01/09 03:14:14 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/01/09 03:14:13 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/01/09 03:14:12 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/01/09 03:14:09 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/01/09 03:14:09 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/01/09 03:14:08 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/01/09 03:14:07 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/01/09 03:14:06 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/01/09 03:13:28 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/01/09 03:13:03 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/01/09 03:12:51 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/01/09 03:12:50 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/01/09 03:12:49 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/01/09 03:12:48 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/01/09 03:12:47 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/01/09 03:12:46 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/01/09 03:12:41 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/01/09 03:12:41 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/01/09 03:12:40 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/01/09 03:12:39 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/01/09 03:12:37 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/01/09 03:12:36 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/01/09 03:11:46 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/01/09 03:11:19 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/01/09 03:10:41 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/01/09 03:10:37 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/01/09 03:10:22 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/09 03:10:21 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/01/09 03:10:20 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/01/09 03:10:13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/01/09 03:09:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/01/09 03:09:56 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/01/09 03:09:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/01/09 03:09:51 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/01/09 03:09:51 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/01/09 03:09:48 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/01/09 03:09:39 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/01/09 03:09:38 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/01/09 03:09:37 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/01/09 03:08:33 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/01/09 03:08:28 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/01/09 03:08:18 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/01/09 03:08:16 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/01/09 03:08:16 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/01/09 03:08:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/01/09 03:08:12 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/01/09 03:08:11 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/01/09 03:08:11 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/01/09 03:08:09 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/01/09 03:07:54 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/01/09 03:07:53 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/01/09 03:07:49 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/01/09 03:07:32 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/01/09 03:07:31 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/01/09 03:07:30 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/01/09 03:07:29 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/01/09 03:07:28 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/01/09 03:07:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/01/09 03:07:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/01/09 03:07:25 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/09 03:07:17 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/01/09 03:07:00 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/01/09 03:06:51 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/01/09 03:06:42 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/01/09 03:06:41 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/01/09 03:06:40 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/01/09 03:06:39 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/01/09 03:06:38 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/01/09 03:06:35 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/01/09 03:06:34 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/01/09 03:06:33 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/01/09 03:06:32 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/01/09 03:06:30 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/01/09 03:06:29 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/01/09 03:05:39 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/01/09 03:05:38 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/01/09 03:05:37 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/01/09 03:05:36 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/01/09 03:05:35 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/01/09 03:05:34 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/01/09 03:05:33 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/01/09 03:05:32 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/01/09 03:05:30 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/01/09 03:05:29 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/01/09 03:05:28 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/01/09 03:05:26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/01/09 03:05:25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/01/09 03:05:24 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/01/09 03:05:23 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/01/09 03:05:22 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/01/09 03:05:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/01/09 03:05:20 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/01/09 03:05:14 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/01/09 03:05:10 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/01/09 03:05:09 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/01/09 03:05:07 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/01/09 03:05:06 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/01/09 03:05:05 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/01/09 03:05:04 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/01/09 03:05:03 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/01/09 03:04:30 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/01/09 03:04:19 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/01/09 03:02:56 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/01/09 03:02:55 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/01/09 03:02:54 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/01/09 03:02:53 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/01/09 03:02:51 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/01/09 03:02:47 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/01/09 03:02:41 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/01/09 03:02:40 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/01/09 03:02:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/01/09 03:02:34 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/01/09 03:02:33 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/01/09 02:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/01/09 02:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/06 01:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/05 03:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2012/01/05 03:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2012/01/05 03:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/01/04 18:48:24 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2012/01/04 07:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2012/01/04 07:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2012/01/04 07:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2012/01/15 08:29:11 | 000,386,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/15 08:29:11 | 000,055,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 08:24:12 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/01/15 08:23:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/14 16:57:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/14 13:31:31 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\SecurityCheck.exe
[2012/01/14 09:50:36 | 004,383,253 | R--- | M] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\ComboFix.exe
[2012/01/14 09:36:24 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TsingWai\Desktop\tdsskiller.exe
[2012/01/13 21:19:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 02:58:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TsingWai\Desktop\OTL.exe
[2012/01/12 19:52:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\TsingWai\Desktop\dds.scr
[2012/01/12 19:43:49 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\TsingWai\defogger_reenable
[2012/01/12 19:41:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\Defogger.exe
[2012/01/12 11:42:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/11 21:35:36 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\rkill.scr
[2012/01/11 10:45:05 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/11 00:22:26 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 09:48:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/09 09:48:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/09 04:01:28 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 02:16:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 18:46:04 | 000,238,439 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\h_047at098pl.jpg
[2012/01/07 10:00:21 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\My Music.lnk
[2012/01/06 18:51:37 | 1432,710,050 | ---- | M] () -- C:\Documents and Settings\TsingWai\Desktop\性感的女學生在上學的路上 遇到癡漢玩到中出.avi
[2012/01/04 18:48:24 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2011/12/16 22:11:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2020/01/01 19:54:15 | 000,000,582 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - 執行全系統掃描 - TsingWai.job
[2020/01/01 19:49:22 | 000,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2020/01/01 19:49:22 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/14 22:42:16 | 1432,710,050 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\性感的女學生在上學的路上 遇到癡漢玩到中出.avi
[2012/01/14 22:42:15 | 000,238,439 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\h_047at098pl.jpg
[2012/01/14 13:31:31 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\SecurityCheck.exe
[2012/01/12 20:00:29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\gmer.exe
[2012/01/12 19:43:34 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\TsingWai\defogger_reenable
[2012/01/12 19:41:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\Defogger.exe
[2012/01/11 21:35:37 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\rkill.scr
[2012/01/11 10:45:05 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/09 03:21:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/09 03:21:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/01/09 03:15:55 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/01/09 03:15:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/01/09 03:13:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/01/09 03:10:40 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/01/09 03:10:38 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/01/09 03:10:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/01/09 03:10:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/01/09 03:10:33 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/01/09 03:08:15 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/01/09 03:08:15 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/01/09 03:08:14 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/01/09 03:04:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/01/09 03:04:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/01/09 03:04:53 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/01/09 03:04:52 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/01/09 03:04:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/01/09 03:04:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/01/09 03:04:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/01/09 03:04:48 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/01/09 03:04:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/01/09 03:04:36 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/01/07 17:34:49 | 2027,847,680 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\kindan.iso
[2012/01/07 17:34:49 | 000,004,314 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\kindan.mds
[2012/01/07 10:00:10 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\TsingWai\Desktop\My Music.lnk
[2012/01/06 01:03:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/23 01:22:50 | 000,000,063 | ---- | C] () -- C:\WINDOWS\kuraidvd.ini
[2011/08/28 02:28:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/28 02:28:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/28 02:28:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/28 02:28:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/28 02:28:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/13 02:05:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/12 14:31:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/06/12 14:31:36 | 000,000,017 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/04/05 21:22:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jzagofiwupuc.dat
[2010/04/05 21:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hfakutilesolasiw.bin
[2009/12/04 01:40:06 | 000,132,429 | ---- | C] () -- C:\WINDOWS\unstall.exe
[2009/08/22 13:01:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\TsingWai\Application Data\setup_ldm.iss
[2009/07/28 23:09:31 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/07/27 01:26:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/26 23:30:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/26 23:30:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/07/26 23:28:05 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\MXWMA.dll
[2009/07/26 18:05:03 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 17:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/26 17:00:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/26 17:00:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/07/26 17:00:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/26 16:51:25 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\TsingWai\Local Settings\Application Data\fusioncache.dat
[2009/07/26 16:32:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/07/26 16:17:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/26 16:14:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/26 10:57:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/26 10:56:22 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/26 23:30:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/26 23:30:47 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 05:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2003/05/09 16:36:30 | 000,151,744 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
[2002/09/03 11:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 11:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 10:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 10:52:00 | 000,386,272 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 10:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 10:51:54 | 000,055,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 10:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 10:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 10:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 10:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 10:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2010/08/09 02:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
[2011/08/20 19:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/04/20 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/02/25 22:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2010/10/19 21:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/10/26 20:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/01/31 10:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/07/03 14:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/19 22:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Anim
[2011/08/20 19:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Babylon
[2010/08/31 01:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\BDL+P
[2011/04/20 17:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\BitComet
[2010/06/12 14:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\CCTV
[2012/01/15 08:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Dropbox
[2010/04/20 20:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\FileOpen
[2009/08/08 00:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\iSilo
[2010/10/19 21:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Juniper Networks
[2009/08/22 13:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Leadertech
[2009/07/29 01:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\PPLiveVA
[2010/04/19 20:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\PPStream
[2009/07/28 11:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TsingWai\Application Data\Rainlendar

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/03 18:28:44 | 000,713,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/03 18:28:44 | 000,713,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/03 18:28:44 | 000,713,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/03 18:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/03 18:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/03 18:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/09/03 10:45:27 | 000,094,208 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/09/23 01:20:42 | 000,000,000 | ---D | M](C:\Program Files\FlyingShine?) -- C:\Program Files\FlyingShine黒
[2011/09/23 01:20:42 | 000,000,000 | ---D | M](C:\Program Files\FlyingShine?) -- C:\Program Files\FlyingShine黒
[2011/09/13 00:22:27 | 008,087,175 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\??軌跡.mp3) -- C:\Documents and Settings\TsingWai\Desktop\ゼロ軌跡.mp3
[2011/09/08 00:34:59 | 171,575,831 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「????????~小振????????????反逆~」.mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「ぷちパイ・アスカ~小振りなわがままウィザードの反逆~」.mp4
[2011/09/08 00:29:40 | 171,575,831 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「????????~小振????????????反逆~」.mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FoxSUB]WIZARD GIRL AMBITIOUS 「ぷちパイ・アスカ~小振りなわがままウィザードの反逆~」.mp4
[2011/08/20 21:36:24 | 008,087,175 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\??軌跡.mp3) -- C:\Documents and Settings\TsingWai\Desktop\ゼロ軌跡.mp3
[2011/08/04 00:33:02 | 000,000,000 | ---D | M](C:\禁??病棟) -- C:\禁断の病棟
[2011/08/03 22:48:01 | 000,040,492 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa
[2011/08/03 19:12:06 | 000,040,492 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].ssa
[2011/08/03 19:03:02 | 824,781,826 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍??? ? 「?龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]超昂閃忍ハルカ 壱 「双龍輪」[BDRIP][01][1920x1080][AVC_FLAC][032F8621].mkv
[2011/08/02 01:49:45 | 000,000,000 | ---D | C](C:\禁??病棟) -- C:\禁断の病棟
[2011/07/27 01:01:11 | 106,644,471 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園3~華麗???辱[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園3~華麗なる悦辱[854x480][x264_aac][mp4] .mp4
[2011/07/27 00:56:54 | 106,644,471 | ---- | C] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]?園3~華麗???辱[854x480][x264_aac][mp4] .mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]学園3~華麗なる悦辱[854x480][x264_aac][mp4] .mp4
[2011/07/10 19:07:33 | 129,786,363 | ---- | M] ()(C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女??? Vol.01「???、????!」[854x480][x264_aac][mp4].mp4) -- C:\Documents and Settings\TsingWai\Desktop\[FOXSUB]魔法少女えれな Vol.01「えれな、イキます!」[854x480][x264_aac][mp4].mp4

< End of report >

#15 astralboy

  • Topic Starter


Posted 15 January 2012 - 10:11 AM

Until now, my computer is running fine. The CPU and physical memory look reasonable. Norton did not show any warning message of a web attack. Everything looks normal to me.



