doubtful existence of malicious software, combofix hangs when tries to shutdown


28 replies to this topic

#1 bsmile

bsmile

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 09 April 2014 - 12:32 PM

I used combofix for removal of weird bad software (sorry, I know it's not right to use it by myself until I get to the forum for help). Combofix can always find several things to delete. When it starts to shut down the computer and restart, it hangs there with the mouse and keyboard still responding normally. I have to manually restart it and everything comes back to normal. But those bad things come back too, as is verified by running combofix immediately after the restart. Actually I don't know whether they are truly bad things, as they hadn't interfered with my everyday usage of the computer. And it could be that combofix miscategorizes something as bad. But now I am preparing a clean system for ghost backup, and I think I really need to address the concern of failure to restart by combofix, thus I come here for help.

 

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by MS at 11:58:19 on 2014-04-09
Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.2006.658 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Belkin\F9L1101\V1\PBN.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\software\putty.exe
D:\software\putty.exe
D:\software\putty.exe
D:\software\putty.exe
D:\software\putty.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\software\putty.exe
D:\software\putty.exe
D:\software\putty.exe
D:\software\putty.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uInternet Connection Wizard,ShellNext = hxxp://google.daemonsearch.com/intl/
BHO: ThunderAtOnce Class: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - c:\program files\qvodplayer\qvodextend\5.0.91.0\QvodExtend.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Actual Window Minimizer] "c:\program files\actualwindowminimizer\ActualWindowMinimizerCenter.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TrackPointSrv] tp4serv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f9l1101\v1\PBN.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\getallurl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 147.155.199.4 147.155.92.5 147.155.91.12
TCP: Interfaces\{B20190D9-E3E8-48EE-9F7D-8BF1CF754961} : DHCPNameServer = 147.155.199.4 147.155.92.5 147.155.91.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ms\application data\mozilla\firefox\profiles\m4j09occ.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\qvodplayer\npQvodInsert.dll
FF - plugin: c:\program files\qvodplayer\npShareModule.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-1 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-1 857912]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-27 1464856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-1 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-1 107736]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-8-26 13840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-30 171416]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\belkin\f9l1101\v1\wlansrv.exe [2012-10-5 86016]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-11-6 642432]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-30 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-30 1042272]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2014-04-09 05:58:32    --------    d-s---w-    C:\ComboFix
2014-04-06 03:28:09    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Google
2014-04-05 16:12:25    --------    d-----w-    c:\program files\Belkin
2014-04-05 16:12:07    --------    d-----w-    c:\windows\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
2014-04-03 20:20:14    --------    d-----w-    c:\program files\jj5.2
2014-04-02 15:18:47    --------    d-----w-    c:\documents and settings\ms\local settings\application data\jjtmp
2014-04-02 15:18:39    --------    d-----w-    c:\program files\jj
2014-04-01 16:35:00    --------    d-sha-r-    C:\cmdcons
2014-04-01 16:33:51    98816    ----a-w-    c:\windows\sed.exe
2014-04-01 16:33:51    256000    ----a-w-    c:\windows\PEV.exe
2014-04-01 16:33:51    208896    ----a-w-    c:\windows\MBR.exe
2014-04-01 16:07:21    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 16:06:43    50648    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 16:06:43    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-01 16:06:43    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-01 16:06:43    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-03-31 15:37:09    272128    ------w-    c:\windows\system32\dllcache\bthport.sys
2014-03-31 15:37:01    953856    ------w-    c:\windows\system32\dllcache\mfc40u.dll
2014-03-31 15:36:36    456320    ------w-    c:\windows\system32\dllcache\mrxsmb.sys
2014-03-31 15:36:22    617472    ------w-    c:\windows\system32\dllcache\comctl32.dll
2014-03-31 15:36:06    471552    ------w-    c:\windows\system32\dllcache\aclayers.dll
2014-03-31 15:35:55    25088    ------w-    c:\windows\system32\dllcache\hidparse.sys
2014-03-31 15:35:54    14976    ------w-    c:\windows\system32\dllcache\usbscan.sys
2014-03-31 15:35:35    744448    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2014-03-31 15:35:00    81920    ------w-    c:\windows\system32\dllcache\fontsub.dll
2014-03-31 15:35:00    119808    ------w-    c:\windows\system32\dllcache\t2embed.dll
2014-03-31 15:33:25    536576    ------w-    c:\windows\system32\dllcache\msado15.dll
2014-03-31 15:33:24    203136    ------w-    c:\windows\system32\dllcache\rmcast.sys
2014-03-31 15:33:14    331776    ------w-    c:\windows\system32\dllcache\msadce.dll
2014-03-31 15:32:17    105472    ------w-    c:\windows\system32\dllcache\mup.sys
2014-03-31 15:31:22    3558912    ------w-    c:\windows\system32\dllcache\moviemk.exe
2014-03-31 15:31:20    139784    ------w-    c:\windows\system32\dllcache\rdpwd.sys
2014-03-31 15:31:12    5376    ------w-    c:\windows\system32\dllcache\usbd.sys
2014-03-31 15:31:12    32384    ------w-    c:\windows\system32\dllcache\usbccgp.sys
2014-03-31 15:31:12    30336    ------w-    c:\windows\system32\dllcache\usbehci.sys
2014-03-31 15:31:12    144128    ------w-    c:\windows\system32\dllcache\usbport.sys
2014-03-31 15:30:34    718336    ------w-    c:\windows\system32\dllcache\ntdll.dll
2014-03-31 15:30:33    2193536    ------w-    c:\windows\system32\dllcache\ntoskrnl.exe
2014-03-31 15:30:33    2149888    ------w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2014-03-31 15:30:33    2070144    ------w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2014-03-31 15:30:33    2028544    ------w-    c:\windows\system32\dllcache\ntkrpamp.exe
2014-03-31 15:30:26    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2014-03-31 15:30:23    218112    ------w-    c:\windows\system32\dllcache\wordpad.exe
2014-03-31 15:29:54    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Thunderbird
2014-03-31 15:29:45    10496    ------w-    c:\windows\system32\dllcache\ndistapi.sys
2014-03-31 15:29:21    3072    ------w-    c:\windows\system32\iacenc.dll
2014-03-31 15:29:21    3072    ------w-    c:\windows\system32\dllcache\iacenc.dll
2014-03-31 15:29:18    40960    ------w-    c:\windows\system32\dllcache\ndproxy.sys
2014-03-31 15:28:11    45568    ------w-    c:\windows\system32\dllcache\wab.exe
2014-03-31 08:34:01    --------    d-----w-    c:\documents and settings\ms\local settings\application data\IsolatedStorage
2014-03-31 08:33:55    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Intuit
2014-03-31 08:16:03    --------    d-----w-    c:\documents and settings\ms\application data\Intuit
2014-03-31 08:13:23    --------    d-----w-    c:\program files\common files\Intuit
2014-03-31 07:51:29    --------    d-----w-    c:\program files\TurboTax
2014-03-31 07:47:23    --------    d-----w-    c:\documents and settings\all users\application data\Intuit
2014-03-31 07:07:59    --------    d-sh--w-    c:\documents and settings\ms\PrivacIE
2014-03-31 06:44:59    --------    d-sh--w-    c:\documents and settings\ms\IETldCache
2014-03-31 06:40:11    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Skype
2014-03-31 06:39:38    --------    d-----r-    c:\program files\Skype
2014-03-31 06:37:41    --------    d-----w-    c:\windows\ie8updates
2014-03-31 06:35:09    --------    d--h--w-    c:\windows\ie8
2014-03-31 06:33:17    522240    ------w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-03-31 06:33:08    6144    ------w-    c:\windows\system32\dllcache\iecompat.dll
2014-03-31 06:33:05    630272    ------w-    c:\windows\system32\dllcache\msfeeds.dll
2014-03-31 06:33:05    55296    ------w-    c:\windows\system32\dllcache\msfeedsbs.dll
2014-03-31 06:33:05    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2014-03-31 06:33:04    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2014-03-31 06:33:04    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2014-03-31 06:33:03    2006016    ------w-    c:\windows\system32\dllcache\iertutil.dll
2014-03-31 06:33:01    11113472    ------w-    c:\windows\system32\dllcache\ieframe.dll
2014-03-31 06:29:29    --------    d-----w-    c:\program files\MSECache
2014-03-31 06:28:07    --------    d-----w-    C:\TDDOWNLOAD
2014-03-31 06:23:51    --------    d-----w-    c:\documents and settings\ms\application data\Wise Disk Cleaner
2014-03-31 06:23:48    --------    d-----w-    c:\program files\Wise
2014-03-31 06:13:08    294912    ------w-    c:\program files\windows media player\dlimport.exe
2014-03-31 06:13:05    294912    ------w-    c:\windows\system32\dllcache\dlimport.exe
2014-03-31 06:07:34    19569    ----a-w-    c:\windows\002929_.tmp
2014-03-31 05:51:00    --------    d-----w-    c:\program files\MSXML 6.0
2014-03-31 05:50:56    --------    d-----w-    c:\program files\MSXML 4.0
2014-03-31 04:22:14    378152    ----a-w-    c:\windows\system32\ml32i3.dll
2014-03-31 04:22:14    185640    ----a-w-    c:\windows\system32\mlmodule32.dll
2014-03-31 04:14:26    --------    d-----w-    c:\program files\WinISO
2014-03-31 03:32:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 03:32:15    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-30 19:15:14    --------    d-----w-    c:\documents and settings\ms\application data\baiduAddr
2014-03-30 19:13:47    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Pyjj
2014-03-30 19:10:28    --------    d--h--w-    c:\documents and settings\all users\Device
2014-03-30 19:10:16    --------    d-----w-    c:\documents and settings\all users\QvodPlayer
2014-03-30 19:10:15    --------    d-----w-    c:\program files\QvodPlayer
2014-03-30 19:07:05    --------    d-----w-    c:\program files\Vim
2014-03-30 18:39:39    --------    d-----w-    c:\documents and settings\ms\application data\Actual Tools
2014-03-30 18:39:18    --------    d-----w-    c:\program files\ActualWindowMinimizer
2014-03-30 18:36:01    164120    ----a-w-    c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
2014-03-30 18:35:55    --------    d-----w-    c:\program files\Tracker Software
2014-03-30 18:28:30    --------    d-----w-    c:\windows\pss
2014-03-30 18:26:59    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2014-03-30 18:26:52    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-03-30 18:18:21    --------    d-----w-    c:\windows\system32\appmgmt
.
==================== Find3M  ====================
.
2014-02-25 00:46:36    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-25 00:45:58    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-25 00:45:58    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-25 00:45:42    18944    ------w-    c:\windows\system32\corpol.dll
2014-02-24 23:54:22    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 01:01:38    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 07:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 11:58:50.48 ===============

Attached File  attach.txt   12.62KB   1 downloads





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 PM

Posted 14 April 2014 - 12:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530500 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bsmile

bsmile
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 16 April 2014 - 11:16 PM

I ran combofix to clean my system. It always finds several things to delete. When it starts to shut down the computer and restart, it hangs there with the mouse and keyboard still responding normally. I have to manually restart it and everything comes back to normal. But those bad things come back too, as is verified by running combofix immediately after the restart. I want help to fix this failure to restart the computer by combofix.

 

I do NOT have my original CD available.

 

Thanks for your help.

 

=========================================

=========================================

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by MS at 23:02:36 on 2014-04-16
Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.2006.1246 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe
C:\Program Files\Belkin\F9L1101\V1\PBN.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uInternet Connection Wizard,ShellNext = hxxp://google.daemonsearch.com/intl/
BHO: ThunderAtOnce Class: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - c:\program files\qvodplayer\qvodextend\5.0.91.0\QvodExtend.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Actual Window Minimizer] "c:\program files\actualwindowminimizer\ActualWindowMinimizerCenter.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TrackPointSrv] tp4serv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QvodTerminal] "c:\program files\qvodplayer\QvodTerminal.exe" -autorun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f9l1101\v1\PBN.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\getallurl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{B20190D9-E3E8-48EE-9F7D-8BF1CF754961} : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ms\application data\mozilla\firefox\profiles\m4j09occ.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\qvodplayer\npQvodInsert.dll
FF - plugin: c:\program files\qvodplayer\npShareModule.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-27 1464856]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-8-26 13840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-30 171416]
S2 WLANBelkinService;Belkin WLAN service;c:\program files\belkin\f9l1101\v1\wlansrv.exe [2012-10-5 86016]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-11-6 642432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-30 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-30 1042272]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2014-04-09 21:51:44    --------    d-----w-    c:\documents and settings\ms\application data\Design Science
2014-04-09 21:51:10    --------    d-----w-    c:\program files\MathType
2014-04-09 05:58:32    --------    d-s---w-    C:\ComboFix
2014-04-06 03:28:09    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Google
2014-04-05 16:12:25    --------    d-----w-    c:\program files\Belkin
2014-04-05 16:12:07    --------    d-----w-    c:\windows\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
2014-04-03 20:20:14    --------    d-----w-    c:\program files\jj5.2
2014-04-02 15:18:47    --------    d-----w-    c:\documents and settings\ms\local settings\application data\jjtmp
2014-04-02 15:18:39    --------    d-----w-    c:\program files\jj
2014-04-01 16:35:00    --------    d-sha-r-    C:\cmdcons
2014-04-01 16:33:51    98816    ----a-w-    c:\windows\sed.exe
2014-04-01 16:33:51    256000    ----a-w-    c:\windows\PEV.exe
2014-04-01 16:33:51    208896    ----a-w-    c:\windows\MBR.exe
2014-04-01 16:07:21    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 16:06:43    50648    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 16:06:43    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-01 16:06:43    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-01 16:06:43    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-03-31 15:37:09    272128    ------w-    c:\windows\system32\dllcache\bthport.sys
2014-03-31 15:37:01    953856    ------w-    c:\windows\system32\dllcache\mfc40u.dll
2014-03-31 15:36:36    456320    ------w-    c:\windows\system32\dllcache\mrxsmb.sys
2014-03-31 15:36:22    617472    ------w-    c:\windows\system32\dllcache\comctl32.dll
2014-03-31 15:36:06    471552    ------w-    c:\windows\system32\dllcache\aclayers.dll
2014-03-31 15:35:55    25088    ------w-    c:\windows\system32\dllcache\hidparse.sys
2014-03-31 15:35:54    14976    ------w-    c:\windows\system32\dllcache\usbscan.sys
2014-03-31 15:35:35    744448    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2014-03-31 15:35:00    81920    ------w-    c:\windows\system32\dllcache\fontsub.dll
2014-03-31 15:35:00    119808    ------w-    c:\windows\system32\dllcache\t2embed.dll
2014-03-31 15:33:25    536576    ------w-    c:\windows\system32\dllcache\msado15.dll
2014-03-31 15:33:24    203136    ------w-    c:\windows\system32\dllcache\rmcast.sys
2014-03-31 15:33:14    331776    ------w-    c:\windows\system32\dllcache\msadce.dll
2014-03-31 15:32:17    105472    ------w-    c:\windows\system32\dllcache\mup.sys
2014-03-31 15:31:22    3558912    ------w-    c:\windows\system32\dllcache\moviemk.exe
2014-03-31 15:31:20    139784    ------w-    c:\windows\system32\dllcache\rdpwd.sys
2014-03-31 15:31:12    5376    ------w-    c:\windows\system32\dllcache\usbd.sys
2014-03-31 15:31:12    32384    ------w-    c:\windows\system32\dllcache\usbccgp.sys
2014-03-31 15:31:12    30336    ------w-    c:\windows\system32\dllcache\usbehci.sys
2014-03-31 15:31:12    144128    ------w-    c:\windows\system32\dllcache\usbport.sys
2014-03-31 15:30:34    718336    ------w-    c:\windows\system32\dllcache\ntdll.dll
2014-03-31 15:30:33    2193536    ------w-    c:\windows\system32\dllcache\ntoskrnl.exe
2014-03-31 15:30:33    2149888    ------w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2014-03-31 15:30:33    2070144    ------w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2014-03-31 15:30:33    2028544    ------w-    c:\windows\system32\dllcache\ntkrpamp.exe
2014-03-31 15:30:26    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2014-03-31 15:30:23    218112    ------w-    c:\windows\system32\dllcache\wordpad.exe
2014-03-31 15:29:54    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Thunderbird
2014-03-31 15:29:45    10496    ------w-    c:\windows\system32\dllcache\ndistapi.sys
2014-03-31 15:29:21    3072    ------w-    c:\windows\system32\iacenc.dll
2014-03-31 15:29:21    3072    ------w-    c:\windows\system32\dllcache\iacenc.dll
2014-03-31 15:29:18    40960    ------w-    c:\windows\system32\dllcache\ndproxy.sys
2014-03-31 15:28:11    45568    ------w-    c:\windows\system32\dllcache\wab.exe
2014-03-31 08:34:01    --------    d-----w-    c:\documents and settings\ms\local settings\application data\IsolatedStorage
2014-03-31 07:07:59    --------    d-sh--w-    c:\documents and settings\ms\PrivacIE
2014-03-31 06:44:59    --------    d-sh--w-    c:\documents and settings\ms\IETldCache
2014-03-31 06:40:11    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Skype
2014-03-31 06:39:38    --------    d-----r-    c:\program files\Skype
2014-03-31 06:37:41    --------    d-----w-    c:\windows\ie8updates
2014-03-31 06:35:09    --------    d--h--w-    c:\windows\ie8
2014-03-31 06:33:17    522240    ------w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-03-31 06:33:08    6144    ------w-    c:\windows\system32\dllcache\iecompat.dll
2014-03-31 06:33:05    630272    ------w-    c:\windows\system32\dllcache\msfeeds.dll
2014-03-31 06:33:05    55296    ------w-    c:\windows\system32\dllcache\msfeedsbs.dll
2014-03-31 06:33:05    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2014-03-31 06:33:04    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2014-03-31 06:33:04    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2014-03-31 06:33:03    2006016    ------w-    c:\windows\system32\dllcache\iertutil.dll
2014-03-31 06:33:01    11113472    ------w-    c:\windows\system32\dllcache\ieframe.dll
2014-03-31 06:29:29    --------    d-----w-    c:\program files\MSECache
2014-03-31 06:28:07    --------    d-----w-    C:\TDDOWNLOAD
2014-03-31 06:23:51    --------    d-----w-    c:\documents and settings\ms\application data\Wise Disk Cleaner
2014-03-31 06:23:48    --------    d-----w-    c:\program files\Wise
2014-03-31 06:13:08    294912    ------w-    c:\program files\windows media player\dlimport.exe
2014-03-31 06:13:05    294912    ------w-    c:\windows\system32\dllcache\dlimport.exe
2014-03-31 06:07:34    19569    ----a-w-    c:\windows\002929_.tmp
2014-03-31 05:51:00    --------    d-----w-    c:\program files\MSXML 6.0
2014-03-31 05:50:56    --------    d-----w-    c:\program files\MSXML 4.0
2014-03-31 04:22:14    378152    ----a-w-    c:\windows\system32\ml32i3.dll
2014-03-31 04:22:14    185640    ----a-w-    c:\windows\system32\mlmodule32.dll
2014-03-31 04:14:26    --------    d-----w-    c:\program files\WinISO
2014-03-31 03:32:15    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 03:32:15    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-30 19:15:14    --------    d-----w-    c:\documents and settings\ms\application data\baiduAddr
2014-03-30 19:13:47    --------    d-----w-    c:\documents and settings\ms\local settings\application data\Pyjj
2014-03-30 19:10:28    --------    d--h--w-    c:\documents and settings\all users\Device
2014-03-30 19:10:16    --------    d-----w-    c:\documents and settings\all users\QvodPlayer
2014-03-30 19:10:15    --------    d-----w-    c:\program files\QvodPlayer
2014-03-30 19:07:05    --------    d-----w-    c:\program files\Vim
2014-03-30 18:39:39    --------    d-----w-    c:\documents and settings\ms\application data\Actual Tools
2014-03-30 18:39:18    --------    d-----w-    c:\program files\ActualWindowMinimizer
2014-03-30 18:36:01    164120    ----a-w-    c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
2014-03-30 18:35:55    --------    d-----w-    c:\program files\Tracker Software
2014-03-30 18:28:30    --------    d-----w-    c:\windows\pss
2014-03-30 18:26:59    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2014-03-30 18:26:52    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-03-30 18:18:21    --------    d-----w-    c:\windows\system32\appmgmt
.
==================== Find3M  ====================
.
2014-02-25 00:46:36    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-25 00:45:58    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-25 00:45:58    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-25 00:45:42    18944    ------w-    c:\windows\system32\corpol.dll
2014-02-24 23:54:22    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 01:01:38    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 07:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 23:03:02.68 ===============



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:56 PM

Posted 18 April 2014 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your DDS log is not showing any virus protection program.
 

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free versions of commercial antiviruses. Be sure to only install one.
AVG.
If you install AVG it will install Chrome unless you deny it.
avast!.
AVAST will install Google Chrome if it is not already installed. If you do not want to keep it, just remove it using the Add/Remove Programs list.
AntiVir



Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

#5 bsmile

bsmile
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Local time:02:56 PM

Posted 18 April 2014 - 11:24 AM

From AdwCleaner.exe:

 

# AdwCleaner v3.023 - Report created 18/04/2014 at 11:05:26
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : MS - X6X8-15CE047435
# Running from : C:\Documents and Settings\MS\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\m4j09occ.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [958 octets] - [18/04/2014 11:00:56]
AdwCleaner[R1].txt - [879 octets] - [18/04/2014 11:05:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [938 octets] ##########
 

 

From Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by MS (administrator) on X6X8-15CE047435 on 18-04-2014 11:12:01
Running from D:\temp
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Lenovo Group Limited) C:\WINDOWS\system32\tp4serv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Actual Tools) C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe
() C:\Program Files\Belkin\F9L1101\V1\PBN.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Atheros) C:\WINDOWS\system32\acs.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(Lenovo.) C:\WINDOWS\System32\TPHDEXLG.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Tracker Software Products Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
(MacKichan Software) C:\swp50\swp-pro.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Simon Tatham) D:\software\putty.exe
(Design Science, Inc.) C:\Program Files\MathType\MathType.exe
() C:\cygwin\usr\X11R6\bin\XWin.exe
() C:\cygwin\bin\xterm.exe
() C:\cygwin\bin\bash.exe
() C:\Documents and Settings\MS\Desktop\adwcleaner.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [94208 2005-07-13] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [243248 2007-04-27] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [59680 2008-03-26] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [144728 2008-01-11] (Lenovo Group Limited)
HKLM\...\Run: [PWRMGRTR] => C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [294912 2008-01-11] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2008-04-24] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [831488 2007-08-08] (Analog Devices, Inc.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [66928 2008-02-13] (Lenovo Group Limited)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2007-11-22] (Lenovo.)
HKLM\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232 2005-07-16] (Google Inc.)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408088 2007-09-07] (Intel Corporation)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] => C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2008-01-11] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2008-01-11] (Lenovo Group Limited)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [QvodTerminal] => C:\Program Files\QvodPlayer\QvodTerminal.exe [1265280 2013-06-20] (Shenzhen QVOD Technology Co.,Ltd)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
HKU\S-1-5-21-3157420313-386968922-1484442023-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924544 2014-03-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3157420313-386968922-1484442023-1003\...\Run: [Actual Window Minimizer] => C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe [942080 2008-10-18] (Actual Tools)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files\Belkin\F9L1101\V1\PBN.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.91.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 147.155.199.4 147.155.92.5 147.155.91.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\m4j09occ.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Extension: Zotero - C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\m4j09occ.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-04-17]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (Google Search) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (YouTube) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Unblock Youku) - C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-04-05]

========================== Services (Whitelisted) =================

R2 acs; C:\WINDOWS\system32\acs.exe [364629 2007-03-21] (Atheros)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2007-09-07] (Intel Corporation)
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-06-01] (Intel Corporation )
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1464856 2007-09-07] (Intel Corporation)
S2 WLANBelkinService; C:\Program Files\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] ()

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\Drivers\abp480n5.sys [23552 2001-08-16] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2008-08-27] (Cisco Systems, Inc.)
S3 AmdK8; C:\WINDOWS\System32\DRIVERS\amdk8.sys [41984 2005-05-21] (Advanced Micro Devices)
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [642432 2009-11-06] (Broadcom Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2208512 2007-06-21] (Intel Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2008-08-27] ()
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [13840 2005-07-13] (Lenovo Group Limited)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17845 2007-11-15] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-01-11] ()
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-03-26] ()
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
U3 avxrtd1j; C:\WINDOWS\system32\Drivers\avxrtd1j.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 11:11 - 2014-04-18 11:11 - 00000000 ____D () C:\FRST
2014-04-18 11:00 - 2014-04-18 11:00 - 01426178 _____ () C:\Documents and Settings\MS\Desktop\adwcleaner.exe
2014-04-18 11:00 - 2014-04-18 11:00 - 00000000 ____D () C:\AdwCleaner
2014-04-17 01:12 - 2014-04-17 01:12 - 00000643 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Zotero Standalone.lnk
2014-04-17 01:12 - 2014-04-17 01:12 - 00000637 _____ () C:\Documents and Settings\All Users\Desktop\Zotero Standalone.lnk
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Program Files\Zotero Standalone
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Zotero
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Zotero
2014-04-16 23:11 - 2014-04-16 23:11 - 00000000 __SHD () C:\Recycled
2014-04-15 13:01 - 2014-04-15 13:01 - 00114640 _____ () C:\Documents and Settings\MS\Application Data\GDIPFONTCACHEV1.DAT
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Program Files\MathType
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Design Science
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MathType 6
2014-04-09 14:50 - 2014-04-03 15:39 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140409-145050.backup
2014-04-09 11:58 - 2014-04-16 23:03 - 00018836 _____ () C:\Documents and Settings\MS\Desktop\dds.txt
2014-04-09 01:07 - 2014-04-18 10:59 - 00020864 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-04-09 00:58 - 2014-04-09 00:58 - 00000000 ___SD () C:\ComboFix
2014-04-06 21:10 - 2014-04-17 09:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-06 21:10 - 2014-04-09 01:05 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-06 21:10 - 2014-04-06 21:10 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-04-05 22:28 - 2014-04-18 10:38 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 22:28 - 2014-04-17 22:38 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 22:28 - 2014-04-11 09:42 - 00001717 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-05 22:28 - 2014-04-05 22:28 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Google
2014-04-05 22:28 - 2014-04-05 22:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-05 11:13 - 2014-04-09 00:59 - 00012556 _____ () C:\WINDOWS\system32\_WLANBelkinServiceRun_.txt
2014-04-05 11:13 - 2014-04-05 11:22 - 00000286 _____ () C:\WINDOWS\system32\_WLANBelkinService.txt
2014-04-05 11:12 - 2014-04-05 11:12 - 00000000 ____D () C:\WINDOWS\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
2014-04-05 11:12 - 2014-04-05 11:12 - 00000000 ____D () C:\Program Files\Belkin
2014-04-03 22:57 - 2014-04-03 22:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-04-03 22:57 - 2014-04-03 22:57 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2014-04-03 15:39 - 2014-04-01 11:32 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140403-153922.backup
2014-04-03 15:22 - 2014-04-03 15:22 - 00000375 _____ () C:\Documents and Settings\MS\Desktop\putty.exe.lnk
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\Program Files\jj5.2
2014-04-02 11:08 - 2014-04-02 11:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-02 10:18 - 2014-04-02 10:18 - 00000000 ____D () C:\Program Files\jj
2014-04-02 10:18 - 2014-04-02 10:18 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\jjtmp
2014-04-01 11:35 - 2014-04-01 11:35 - 00000000 _RSHD () C:\cmdcons
2014-04-01 11:35 - 2014-04-01 02:59 - 00000237 _____ () C:\Boot.bak
2014-04-01 11:35 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-01 11:33 - 2014-04-01 11:33 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-01 11:33 - 2014-04-01 11:33 - 00000000 ____D () C:\Qoobox
2014-04-01 11:33 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-01 11:33 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-01 11:33 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-01 11:33 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-01 11:32 - 2014-03-30 13:49 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140401-113252.backup
2014-04-01 11:07 - 2014-04-12 17:39 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 11:06 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-01 11:06 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-01 10:56 - 2014-04-18 10:53 - 00000600 _____ () C:\Documents and Settings\MS\Local Settings\Application Data\PUTTY.RND
2014-03-31 22:06 - 2014-04-16 22:51 - 01498134 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3157420313-386968922-1484442023-1003-0.dat
2014-03-31 22:05 - 2014-04-16 22:51 - 00266066 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-31 22:04 - 2014-03-31 22:04 - 00053513 _____ () C:\WINDOWS\KB2387149.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00053033 _____ () C:\WINDOWS\KB951376-v2.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00052132 _____ () C:\WINDOWS\KB946648.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00048942 _____ () C:\WINDOWS\KB2659262.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00047864 _____ () C:\WINDOWS\KB2564958.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB960859$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB959426$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952954$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB946648$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2712808$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2659262$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2564958$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2479943$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2387149$
2014-03-31 22:03 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-31 22:03 - 2014-03-31 22:03 - 00049793 _____ () C:\WINDOWS\KB2536276-v2.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00046865 _____ () C:\WINDOWS\KB2296011.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00046099 _____ () C:\WINDOWS\KB2834886.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00045774 _____ () C:\WINDOWS\KB2900986.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2834886$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2758857$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2691442$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2631813$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2585542$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2478971$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2115168$
2014-03-31 22:02 - 2014-03-31 22:03 - 00046734 _____ () C:\WINDOWS\KB975558.log
2014-03-31 22:02 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-03-31 22:02 - 2014-03-31 22:02 - 00050850 _____ () C:\WINDOWS\KB955759.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00047685 _____ () C:\WINDOWS\KB2229593.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00045038 _____ () C:\WINDOWS\KB2378111.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974318$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB969059$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB955759$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB951978$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2847311$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2802968$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2655992$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2443105$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2229593$
2014-03-31 22:01 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB950974$
2014-03-31 22:01 - 2014-03-31 22:01 - 00046166 _____ () C:\WINDOWS\KB2485663.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00045943 _____ () C:\WINDOWS\KB2686509.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00044663 _____ () C:\WINDOWS\KB2862335.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB982132$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978338$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975713$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB971657$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862335$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2686509$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2598479$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2485663$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2481109$
2014-03-31 22:00 - 2014-03-31 22:01 - 00041419 _____ () C:\WINDOWS\KB954155.log
2014-03-31 22:00 - 2014-03-31 22:00 - 00053013 _____ () C:\WINDOWS\KB956572.log
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974112$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB972270$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB956572$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2780091$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2507938$
2014-03-31 21:53 - 2014-03-31 22:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-31 21:00 - 2014-03-31 22:00 - 00040149 _____ () C:\WINDOWS\KB2904266.log
2014-03-31 21:00 - 2014-03-31 22:00 - 00006616 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-31 21:00 - 2014-03-31 21:00 - 00042177 _____ () C:\WINDOWS\KB956844.log
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB956844$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876217$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2347290$
2014-03-31 20:59 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2483185$
2014-03-31 20:59 - 2014-03-31 20:59 - 00040792 _____ () C:\WINDOWS\KB973869.log
2014-03-31 20:59 - 2014-03-31 20:59 - 00039923 _____ () C:\WINDOWS\KB2592799.log
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979687$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975560$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975025$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974571$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973869$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952004$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2864063$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2719985$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2592799$
2014-03-31 20:58 - 2014-03-31 20:58 - 00039176 _____ () C:\WINDOWS\KB2535512.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00038889 _____ () C:\WINDOWS\KB2807986.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00038188 _____ () C:\WINDOWS\KB950762.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00037633 _____ () C:\WINDOWS\KB952287.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00036847 _____ () C:\WINDOWS\KB2570947.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB977816$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973507$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952287$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB950762$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868038$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2850869$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2807986$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2770660$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2570947$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2535512$
2014-03-31 20:57 - 2014-03-31 22:07 - 00001913 _____ () C:\WINDOWS\spupdsvc.log
2014-03-31 20:57 - 2014-03-31 22:02 - 00000562 _____ () C:\WINDOWS\wmsetup.log
2014-03-31 20:57 - 2014-03-31 20:58 - 00037388 _____ () C:\WINDOWS\KB2868038.log
2014-03-31 20:57 - 2014-03-31 20:58 - 00031132 _____ () C:\WINDOWS\KB978695.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00040252 _____ () C:\WINDOWS\KB973904.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00035826 _____ () C:\WINDOWS\KB2603381.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974392$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973904$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2820917$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2757638$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2653956$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2603381$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2508429$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2419632$
2014-03-31 20:56 - 2014-03-31 20:56 - 00029443 _____ () C:\WINDOWS\KB2698365.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00023060 _____ () C:\WINDOWS\KB952069.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00019051 _____ () C:\WINDOWS\KB2803821-v2.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB977914$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB971029$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952069_WM9$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2749655$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2698365$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2619339$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2506212$
2014-03-31 20:55 - 2014-03-31 20:55 - 00026215 _____ () C:\WINDOWS\KB2723135-v2.log
2014-03-31 20:55 - 2014-03-31 20:55 - 00025523 _____ () C:\WINDOWS\KB981997.log
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB981997$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979482$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979309$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978706$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978542$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973815$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB960803$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862330$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2813345$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2727528$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-03-31 20:54 - 2014-03-31 20:54 - 00308416 _____ () C:\WINDOWS\msxml4-KB973688-enu.LOG
2014-03-31 20:54 - 2014-03-31 20:54 - 00302348 _____ () C:\WINDOWS\msxml4-KB954430-enu.LOG
2014-03-31 20:54 - 2014-03-31 20:54 - 00026818 _____ () C:\WINDOWS\KB2393802.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00024590 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00022216 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB982665$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB923561$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2676562$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2509553$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2478960$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2393802$
2014-03-31 20:53 - 2014-03-31 22:04 - 00854350 _____ () C:\WINDOWS\iis6.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00791409 _____ () C:\WINDOWS\FaxSetup.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00378368 _____ () C:\WINDOWS\ocgen.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00361137 _____ () C:\WINDOWS\tsoc.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00263178 _____ () C:\WINDOWS\comsetup.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00241456 _____ () C:\WINDOWS\msmqinst.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00159333 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00138624 _____ () C:\WINDOWS\netfxocm.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00054400 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00043776 _____ () C:\WINDOWS\ocmsn.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00039808 _____ () C:\WINDOWS\tabletoc.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00039552 _____ () C:\WINDOWS\msgsocm.log
2014-03-31 20:53 - 2014-03-31 22:04 - 00029024 _____ () C:\WINDOWS\updspapi.log
2014-03-31 20:53 - 2014-03-31 20:54 - 00023990 _____ () C:\WINDOWS\KB923561.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00020908 _____ () C:\WINDOWS\KB2566454.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00020553 _____ () C:\WINDOWS\KB2661637.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00018247 _____ () C:\WINDOWS\KB2914368.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00018032 _____ () C:\WINDOWS\KB2423089.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975467$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB968389$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2661637$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2620712$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2584146$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2566454$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2423089$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-31 17:03 - 2014-03-31 17:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2014-03-31 17:03 - 2007-02-13 20:23 - 00103424 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpzpnp.dll
2014-03-31 17:03 - 2006-11-16 19:16 - 00038912 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPBPRO.DLL
2014-03-31 17:03 - 2006-11-16 19:16 - 00024576 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPBMIAPI.DLL
2014-03-31 17:03 - 2006-11-16 19:16 - 00007680 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPBPROPS.DLL
2014-03-31 17:03 - 2006-11-16 19:16 - 00007680 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPBOIDPS.DLL
2014-03-31 17:03 - 2006-11-16 19:15 - 00025600 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPBOID.DLL
2014-03-31 17:03 - 2006-11-02 19:32 - 00018747 _____ () C:\WINDOWS\system32\hpceac06.hpi
2014-03-31 17:03 - 2006-09-01 15:18 - 00020480 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZISN12.DLL
2014-03-31 17:03 - 2006-09-01 14:29 - 00030208 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZIPT12.DLL
2014-03-31 17:03 - 2006-08-31 19:34 - 00033792 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZIPR12.DLL
2014-03-31 17:03 - 2006-08-31 19:19 - 00049152 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZIDR12.DLL
2014-03-31 17:03 - 2006-06-06 14:20 - 00241721 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPBMINI.DLL
2014-03-31 17:03 - 2006-05-11 18:15 - 00052736 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZIPM12.DLL
2014-03-31 17:03 - 2006-05-11 18:15 - 00043520 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPZINW12.DLL
2014-03-31 17:03 - 2005-06-20 14:33 - 00163840 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPJCMN2U.DLL
2014-03-31 17:03 - 2005-06-20 14:33 - 00094208 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPJIPX1U.DLL
2014-03-31 17:03 - 2005-06-20 14:33 - 00049152 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPBNRAC2.DLL
2014-03-31 10:37 - 2014-03-31 22:04 - 00067856 _____ () C:\WINDOWS\KB952954.log
2014-03-31 10:37 - 2014-03-31 22:04 - 00066907 _____ () C:\WINDOWS\KB959426.log
2014-03-31 10:37 - 2014-03-31 22:04 - 00066069 _____ () C:\WINDOWS\KB2868626.log
2014-03-31 10:37 - 2010-09-18 00:53 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2014-03-31 10:37 - 2008-06-13 05:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2014-03-31 10:36 - 2014-03-31 22:04 - 00067635 _____ () C:\WINDOWS\KB960859.log
2014-03-31 10:36 - 2014-03-31 22:04 - 00067491 _____ () C:\WINDOWS\KB2712808.log
2014-03-31 10:36 - 2014-03-31 22:04 - 00067273 _____ () C:\WINDOWS\KB2479943.log
2014-03-31 10:36 - 2014-03-31 22:04 - 00062883 _____ () C:\WINDOWS\KB2916036.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00065445 _____ () C:\WINDOWS\KB2585542.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00065301 _____ () C:\WINDOWS\KB2478971.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00064749 _____ () C:\WINDOWS\KB2691442.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00064563 _____ () C:\WINDOWS\KB2758857.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00064390 _____ () C:\WINDOWS\KB2631813.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00064283 _____ () C:\WINDOWS\KB2115168.log
2014-03-31 10:36 - 2014-03-31 22:03 - 00064100 _____ () C:\WINDOWS\KB2544893-v2.log
2014-03-31 10:36 - 2014-03-31 22:02 - 00062610 _____ () C:\WINDOWS\KB2802968.log
2014-03-31 10:36 - 2014-03-31 22:02 - 00060419 _____ () C:\WINDOWS\KB2847311.log
2014-03-31 10:36 - 2011-07-15 07:29 - 00456320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2014-03-31 10:36 - 2010-08-23 10:12 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2014-03-31 10:36 - 2009-11-21 09:51 - 00471552 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2014-03-31 10:35 - 2014-03-31 22:02 - 00065704 _____ () C:\WINDOWS\KB951978.log
2014-03-31 10:35 - 2014-03-31 22:02 - 00063364 _____ () C:\WINDOWS\KB974318.log
2014-03-31 10:35 - 2014-03-31 22:02 - 00063351 _____ () C:\WINDOWS\KB2655992.log
2014-03-31 10:35 - 2014-03-31 22:02 - 00061923 _____ () C:\WINDOWS\KB950974.log
2014-03-31 10:35 - 2014-03-31 22:02 - 00061704 _____ () C:\WINDOWS\KB2443105.log
2014-03-31 10:35 - 2014-03-31 22:02 - 00061495 _____ () C:\WINDOWS\KB969059.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00063278 _____ () C:\WINDOWS\KB2481109.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00061795 _____ () C:\WINDOWS\KB2598479.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00060975 _____ () C:\WINDOWS\KB975713.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00060574 _____ () C:\WINDOWS\KB978338.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00060342 _____ () C:\WINDOWS\KB2898715.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00059954 _____ () C:\WINDOWS\KB971657.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00059865 _____ () C:\WINDOWS\KB2507938.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00059814 _____ () C:\WINDOWS\KB982132.log
2014-03-31 10:35 - 2014-03-31 22:01 - 00057793 _____ () C:\WINDOWS\KB2929961.log
2014-03-31 10:35 - 2014-03-31 22:00 - 00061592 _____ () C:\WINDOWS\KB2780091.log
2014-03-31 10:35 - 2013-07-02 20:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-03-31 10:35 - 2013-07-02 19:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2014-03-31 10:35 - 2010-08-27 02:02 - 00119808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\t2embed.dll
2014-03-31 10:35 - 2010-06-14 08:31 - 00744448 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2014-03-31 10:35 - 2009-10-15 10:28 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fontsub.dll
2014-03-31 10:34 - 2014-03-31 22:00 - 00059624 _____ () C:\WINDOWS\KB974112.log
2014-03-31 10:34 - 2014-03-31 21:00 - 00057560 _____ () C:\WINDOWS\KB2483185.log
2014-03-31 10:34 - 2014-03-31 21:00 - 00054446 _____ () C:\WINDOWS\KB2876217.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00058007 _____ () C:\WINDOWS\KB952004.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00057649 _____ () C:\WINDOWS\KB979687.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00055082 _____ () C:\WINDOWS\KB2719985.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00054163 _____ () C:\WINDOWS\KB975025.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00053635 _____ () C:\WINDOWS\KB2930275.log
2014-03-31 10:34 - 2014-03-31 20:59 - 00052842 _____ () C:\WINDOWS\KB2864063.log
2014-03-31 10:34 - 2014-03-31 20:58 - 00051815 _____ () C:\WINDOWS\KB2859537.log
2014-03-31 10:34 - 2014-03-31 20:58 - 00049093 _____ () C:\WINDOWS\KB2876331.log
2014-03-31 10:34 - 2013-07-16 18:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-03-31 10:34 - 2013-07-16 18:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-03-31 10:34 - 2013-07-16 18:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-03-31 10:34 - 2013-02-11 18:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-03-31 10:34 - 2013-02-11 18:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-03-31 10:34 - 2009-07-27 16:27 - 00128512 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dhtmled.ocx
2014-03-31 10:34 - 2009-06-21 15:44 - 00153088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\triedit.dll
2014-03-31 10:34 - 2009-03-06 08:22 - 00284160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pdh.dll
2014-03-31 10:34 - 2009-02-09 06:10 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advapi32.dll
2014-03-31 10:34 - 2009-02-09 06:10 - 00473600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fastprox.dll
2014-03-31 10:34 - 2009-02-09 06:10 - 00453120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvsd.dll
2014-03-31 10:34 - 2009-02-09 06:10 - 00401408 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll
2014-03-31 10:34 - 2009-02-06 05:11 - 00110592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\services.exe
2014-03-31 10:34 - 2009-02-06 04:10 - 00227840 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvse.exe
2014-03-31 10:33 - 2014-03-31 20:59 - 00053622 _____ () C:\WINDOWS\KB974571.log
2014-03-31 10:33 - 2014-03-31 20:59 - 00051253 _____ () C:\WINDOWS\KB2862152.log
2014-03-31 10:33 - 2014-03-31 20:58 - 00049523 _____ () C:\WINDOWS\KB2850869.log
2014-03-31 10:33 - 2014-03-31 20:57 - 00050384 _____ () C:\WINDOWS\KB2820917.log
2014-03-31 10:33 - 2014-03-31 20:57 - 00049804 _____ () C:\WINDOWS\KB2757638.log
2014-03-31 10:33 - 2014-03-31 20:57 - 00047233 _____ () C:\WINDOWS\KB2893294.log
2014-03-31 10:33 - 2014-03-31 20:57 - 00044112 _____ () C:\WINDOWS\KB2508429.log
2014-03-31 10:33 - 2014-03-31 20:57 - 00042347 _____ () C:\WINDOWS\KB2749655.log
2014-03-31 10:33 - 2014-03-31 20:56 - 00042285 _____ () C:\WINDOWS\KB971029.log
2014-03-31 10:33 - 2014-03-31 20:56 - 00041414 _____ () C:\WINDOWS\KB2506212.log
2014-03-31 10:33 - 2014-03-31 20:56 - 00040865 _____ () C:\WINDOWS\KB2705219-v2.log
2014-03-31 10:33 - 2014-03-31 20:56 - 00037167 _____ () C:\WINDOWS\KB2892075.log
2014-03-31 10:33 - 2012-05-28 12:16 - 00536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2014-03-31 10:33 - 2008-05-08 08:02 - 00203136 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rmcast.sys
2014-03-31 10:33 - 2008-05-01 08:33 - 00331776 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msadce.dll
2014-03-31 10:32 - 2014-03-31 20:59 - 00052014 _____ () C:\WINDOWS\KB973507.log
2014-03-31 10:32 - 2014-03-31 20:58 - 00052005 _____ () C:\WINDOWS\KB977816.log
2014-03-31 10:32 - 2014-03-31 20:57 - 00055403 _____ () C:\WINDOWS\KB2419632.log
2014-03-31 10:32 - 2014-03-31 20:57 - 00042905 _____ () C:\WINDOWS\KB2653956.log
2014-03-31 10:32 - 2014-03-31 20:57 - 00042059 _____ () C:\WINDOWS\KB974392.log
2014-03-31 10:32 - 2014-03-31 20:56 - 00043477 _____ () C:\WINDOWS\KB977914.log
2014-03-31 10:32 - 2014-03-31 20:56 - 00038733 _____ () C:\WINDOWS\KB2619339.log
2014-03-31 10:32 - 2014-03-31 20:56 - 00038436 _____ () C:\WINDOWS\KB978542.log
2014-03-31 10:32 - 2011-04-21 07:37 - 00105472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2014-03-31 10:31 - 2014-03-31 20:55 - 00042630 _____ () C:\WINDOWS\KB2509553.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00039402 _____ () C:\WINDOWS\KB2813345.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00038178 _____ () C:\WINDOWS\KB960803.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00037855 _____ () C:\WINDOWS\KB2727528.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00037794 _____ () C:\WINDOWS\KB978706.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00037709 _____ () C:\WINDOWS\KB979482.log
2014-03-31 10:31 - 2014-03-31 20:55 - 00037567 _____ () C:\WINDOWS\KB973815.log
2014-03-31 10:31 - 2013-08-08 18:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-03-31 10:31 - 2013-08-08 18:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-03-31 10:31 - 2013-08-08 18:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-03-31 10:31 - 2012-07-04 08:05 - 00139784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2014-03-31 10:31 - 2010-06-18 07:36 - 03558912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe
2014-03-31 10:31 - 2009-03-18 05:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-03-31 10:30 - 2014-03-31 20:54 - 00042739 _____ () C:\WINDOWS\KB2676562.log
2014-03-31 10:30 - 2014-03-31 20:54 - 00033970 _____ () C:\WINDOWS\KB982665.log
2014-03-31 10:30 - 2014-03-31 20:54 - 00032982 _____ () C:\WINDOWS\KB2620712.log
2014-03-31 10:30 - 2013-11-05 19:03 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsp4res.dll
2014-03-31 10:30 - 2013-07-03 21:03 - 02149888 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2014-03-31 10:30 - 2013-07-03 20:59 - 02193536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2014-03-31 10:30 - 2013-07-03 20:08 - 02070144 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2014-03-31 10:30 - 2013-07-03 20:08 - 02028544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2014-03-31 10:30 - 2010-12-09 09:15 - 00718336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntdll.dll
2014-03-31 10:30 - 2010-07-12 06:55 - 00218112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
2014-03-31 10:30 - 2009-11-21 09:51 - 01206508 ____N () C:\WINDOWS\system32\dllcache\sysmain.sdb
2014-03-31 10:29 - 2014-03-31 10:29 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Thunderbird
2014-03-31 10:29 - 2014-03-31 10:29 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Thunderbird
2014-03-31 10:29 - 2013-11-27 14:21 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2014-03-31 10:29 - 2012-01-11 13:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2014-03-31 10:29 - 2012-01-11 13:06 - 00003072 ____N () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-03-31 10:29 - 2011-07-08 08:02 - 00010496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2014-03-31 10:28 - 2014-03-31 20:55 - 00036961 _____ () C:\WINDOWS\KB979309.log
2014-03-31 10:28 - 2014-03-31 20:53 - 00037459 _____ () C:\WINDOWS\KB968389.log
2014-03-31 10:28 - 2014-03-31 20:53 - 00033383 _____ () C:\WINDOWS\KB975467.log
2014-03-31 10:28 - 2014-03-31 20:53 - 00032489 _____ () C:\WINDOWS\KB2584146.log
2014-03-31 10:28 - 2010-10-11 08:59 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2014-03-31 10:25 - 2014-03-31 10:25 - 00001578 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-03-31 10:24 - 2014-04-15 09:29 - 00032733 _____ () C:\WINDOWS\setupapi.log
2014-03-31 03:41 - 2014-03-31 03:41 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\Travel Expense form with instructions
2014-03-31 03:41 - 2014-03-31 03:41 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\PDF_XChange
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\zhongyi
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\RK_Quarantine
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\GC-materials
2014-03-31 03:34 - 2014-03-31 03:34 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\IsolatedStorage
2014-03-31 03:15 - 2014-03-31 03:34 - 00000440 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2014-03-31 02:48 - 2014-03-31 02:48 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-31 02:48 - 2014-03-31 02:48 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-31 02:07 - 2014-03-31 02:08 - 00000000 __SHD () C:\Documents and Settings\MS\PrivacIE
2014-03-31 01:58 - 2014-04-13 16:39 - 00114640 _____ () C:\Documents and Settings\MS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-31 01:49 - 2014-04-16 22:52 - 00331480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-31 01:44 - 2014-03-31 01:45 - 00000000 __SHD () C:\Documents and Settings\MS\IETldCache
2014-03-31 01:40 - 2014-03-31 01:40 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ___RD () C:\Program Files\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-31 01:37 - 2014-03-31 01:37 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-31 01:36 - 2014-03-31 01:43 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-03-31 01:35 - 2014-03-31 01:35 - 00000000 ___HD () C:\WINDOWS\ie8
2014-03-31 01:33 - 2014-02-24 19:46 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-03-31 01:33 - 2014-02-24 19:45 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-03-31 01:33 - 2011-08-16 18:45 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2014-03-31 01:29 - 2014-03-31 01:29 - 00000000 ____D () C:\Program Files\MSECache
2014-03-31 01:28 - 2014-03-31 01:28 - 00000020 _____ () C:\WINDOWS\system32\pub_store.dat
2014-03-31 01:28 - 2014-03-31 01:28 - 00000000 ____D () C:\TDDOWNLOAD
2014-03-31 01:28 - 2014-03-31 00:00 - 00000135 _____ () C:\WINDOWS\system32\cid_store.dat
2014-03-31 01:28 - 2014-03-30 23:59 - 00000026 _____ () C:\WINDOWS\system32\xlhcc.dat
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Program Files\Wise
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Wise Disk Cleaner
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner
2014-03-31 01:21 - 2014-03-02 14:03 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-31 01:20 - 2014-03-31 01:20 - 00000269 _____ () C:\WINDOWS\system32\spupdwxp.log
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\system32\scripting
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\system32\bits
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-03-31 01:14 - 2013-11-12 19:13 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe
2014-03-31 01:14 - 2013-07-16 18:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irbus.sys
2014-03-31 01:14 - 2012-11-05 20:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6.dll
2014-03-31 01:14 - 2009-01-07 18:21 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 04274816 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nv4_disp.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 01737856 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\mtxparhd.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00712704 ____N (Microsoft Corporation) C:\WINDOWS\system32\windowscodecs.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00412160 ____N (Microsoft Corporation) C:\WINDOWS\system32\photometadatahandler.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00397056 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\s3gnb.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00346112 ____N (Microsoft Corporation) C:\WINDOWS\system32\windowscodecsext.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00291328 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagentrt.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00290304 ____N (Microsoft Corporation) C:\WINDOWS\system32\rhttpaa.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00286792 ____N (Smart Link) C:\WINDOWS\system32\slextspk.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00276992 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmphoto.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\napmontr.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00188508 ____N (Smart Link) C:\WINDOWS\system32\slgen.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00176640 ____N (Microsoft Corporation) C:\WINDOWS\system32\napstat.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00155136 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssha.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagent.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\qutil.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00073832 ____N (Smart Link) C:\WINDOWS\system32\slcoinst.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00073796 ____N (Smart Link) C:\WINDOWS\system32\slserv.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00069120 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00062464 ____N (Microsoft Corporation) C:\WINDOWS\system32\qcliprov.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00061952 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasqec.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00053248 ____N (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00050688 ____N (Microsoft Corporation) C:\WINDOWS\system32\tspkg.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00033792 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcperf.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\system32\slrundll.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\slrundll.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00032768 ____N (Microsoft Corporation) C:\WINDOWS\system32\setupn.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\napipsec.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2014-03-31 01:14 - 2008-04-14 05:42 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\verclsid.exe
2014-03-31 01:14 - 2008-04-14 05:42 - 00023040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativmvxx.ax
2014-03-31 01:14 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
2014-03-31 01:14 - 2008-04-14 05:42 - 00009728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativdaxx.ax
2014-03-31 01:14 - 2008-04-14 05:41 - 01888992 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3duag.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00870784 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3d1ag.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00650752 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00516768 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ativvaxx.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00397312 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcex.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00377984 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvaa.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00233472 ____N (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00229376 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2cqag.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00201728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvag.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00184832 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\microsoft.managementconsole.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00180224 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00136192 ____N (Microsoft Corporation) C:\WINDOWS\system32\aaclient.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00132096 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00126976 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00106496 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcfxcommon.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00094208 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00061440 ____N (Microsoft Corporation) C:\WINDOWS\system32\kmsvc.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapqec.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3cfg.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00048640 ____N (Microsoft Corporation) C:\WINDOWS\system32\dhcpqec.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3gpclnt.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00037376 ____N (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00033792 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapsvc.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00032768 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativtmxx.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00032285 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\hsfcisp2.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapolqec.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00026112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00019456 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsntfy.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00009216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll
2014-03-31 01:14 - 2008-04-14 05:41 - 00007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\bitsprx4.dll
2014-03-31 01:14 - 2008-04-14 05:40 - 00294912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msaud32.acm
2014-03-31 01:14 - 2008-04-14 05:40 - 00102912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dpcdll.dll
2014-03-31 01:14 - 2008-04-14 05:40 - 00086016 ____N (Sipro Lab Telecom Inc.) C:\WINDOWS\system32\dllcache\sl_anet.acm
2014-03-31 01:14 - 2008-04-14 05:39 - 00290816 ____N (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\dllcache\l3codeca.acm
2014-03-31 01:14 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdpash.dll
2014-03-31 01:14 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdnepr.dll
2014-03-31 01:14 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdiultn.dll
2014-03-31 01:14 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdbhc.dll
2014-03-31 01:14 - 2008-04-14 00:13 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsdupd.exe
2014-03-31 01:14 - 2008-04-13 23:45 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\msshavmsg.dll
2014-03-31 01:14 - 2008-04-13 23:09 - 00689152 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsp3res.dll
2014-03-31 01:14 - 2008-04-13 22:58 - 00184959 ____N () C:\WINDOWS\system32\dllcache\compact.wmz
2014-03-31 01:14 - 2008-04-13 22:58 - 00066725 ____N () C:\WINDOWS\system32\dllcache\revert.wmz
2014-03-31 01:14 - 2008-04-13 22:57 - 00079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6r.dll
2014-03-31 01:14 - 2007-06-26 11:30 - 00572557 ____N () C:\WINDOWS\system32\dllcache\rtuner.wmv
2014-03-31 01:14 - 2007-06-26 11:30 - 00457607 ____N () C:\WINDOWS\system32\dllcache\mdlib.wmv
2014-03-31 01:14 - 2007-06-26 11:30 - 00381425 ____N () C:\WINDOWS\system32\dllcache\copycd.wmv
2014-03-31 01:14 - 2007-06-26 11:30 - 00375519 ____N () C:\WINDOWS\system32\dllcache\nuskin.wmv
2014-03-31 01:14 - 2007-06-26 11:30 - 00354468 ____N () C:\WINDOWS\system32\dllcache\wmpaud1.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00343204 ____N () C:\WINDOWS\system32\dllcache\wmpaud7.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00343204 ____N () C:\WINDOWS\system32\dllcache\wmpaud6.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00300969 ____N () C:\WINDOWS\system32\dllcache\viz.wmv
2014-03-31 01:14 - 2007-06-26 11:30 - 00172196 ____N () C:\WINDOWS\system32\dllcache\wmpaud9.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00172196 ____N () C:\WINDOWS\system32\dllcache\wmpaud8.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00172196 ____N () C:\WINDOWS\system32\dllcache\wmpaud3.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00086196 ____N () C:\WINDOWS\system32\dllcache\wmpaud5.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00086180 ____N () C:\WINDOWS\system32\dllcache\wmpaud4.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00086180 ____N () C:\WINDOWS\system32\dllcache\wmpaud2.wav
2014-03-31 01:14 - 2007-06-26 11:30 - 00022060 ____N () C:\WINDOWS\system32\dllcache\npds.zip
2014-03-31 01:14 - 2007-06-26 11:30 - 00010457 ____N () C:\WINDOWS\system32\dllcache\wmptour.hta
2014-03-31 01:14 - 2007-06-26 11:30 - 00009585 ____N () C:\WINDOWS\system32\dllcache\controls.css
2014-03-31 01:14 - 2007-06-26 11:30 - 00008298 ____N () C:\WINDOWS\system32\dllcache\contents.htm
2014-03-31 01:14 - 2007-06-26 11:30 - 00006878 ____N () C:\WINDOWS\system32\dllcache\controls.js
2014-03-31 01:14 - 2007-06-26 11:30 - 00005971 ____N () C:\WINDOWS\system32\dllcache\events.js
2014-03-31 01:14 - 2007-06-26 11:30 - 00003187 ____N () C:\WINDOWS\system32\dllcache\tour.js
2014-03-31 01:14 - 2007-06-26 11:30 - 00001771 ____N () C:\WINDOWS\system32\dllcache\wmptour.css
2014-03-31 01:14 - 2007-06-26 11:30 - 00001148 ____N () C:\WINDOWS\system32\dllcache\snd.htm
2014-03-31 01:14 - 2007-06-26 11:30 - 00000420 ____N () C:\WINDOWS\system32\dllcache\wmploc.js
2014-03-31 01:14 - 2007-06-26 11:29 - 00097117 ____N () C:\WINDOWS\system32\dllcache\mplayer2.hlp
2014-03-31 01:14 - 2007-06-26 11:29 - 00001885 ____N () C:\WINDOWS\system32\dllcache\mplayer2.cnt
2014-03-31 01:14 - 2007-06-26 11:28 - 00613334 ____N () C:\WINDOWS\system32\dllcache\wmplayer.chm
2014-03-31 01:14 - 2007-06-26 11:28 - 00067374 ____N () C:\WINDOWS\system32\dllcache\wmplayer.adm
2014-03-31 01:14 - 2007-06-26 11:26 - 00077307 ____N () C:\WINDOWS\system32\dllcache\plyr_err.chm
2014-03-31 01:14 - 2007-06-26 11:26 - 00001477 ____N () C:\WINDOWS\system32\dllcache\plylst6.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001477 ____N () C:\WINDOWS\system32\dllcache\plylst5.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001474 ____N () C:\WINDOWS\system32\dllcache\plylst3.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001451 ____N () C:\WINDOWS\system32\dllcache\plylst12.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001448 ____N () C:\WINDOWS\system32\dllcache\plylst4.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001250 ____N () C:\WINDOWS\system32\dllcache\plylst1.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001049 ____N () C:\WINDOWS\system32\dllcache\plylst2.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001046 ____N () C:\WINDOWS\system32\dllcache\plylst7.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00001036 ____N () C:\WINDOWS\system32\dllcache\plylst8.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000789 ____N () C:\WINDOWS\system32\dllcache\plylst11.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000787 ____N () C:\WINDOWS\system32\dllcache\plylst10.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000784 ____N () C:\WINDOWS\system32\dllcache\plylst9.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000783 ____N () C:\WINDOWS\system32\dllcache\plylst13.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000775 ____N () C:\WINDOWS\system32\dllcache\plylst14.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000733 ____N () C:\WINDOWS\system32\dllcache\plylst15.wpl
2014-03-31 01:14 - 2007-06-26 11:26 - 00000403 ____N () C:\WINDOWS\system32\dllcache\npdrmv2.zip
2014-03-31 01:14 - 2007-04-02 23:21 - 00023195 ____N () C:\WINDOWS\system32\dllcache\wmplay.chm
2014-03-31 01:13 - 2008-04-14 05:42 - 00294912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlimport.exe
2014-03-31 01:11 - 2013-07-16 18:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2014-03-31 01:11 - 2013-02-11 18:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys
2014-03-31 01:11 - 2008-06-13 05:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-03-31 01:11 - 2008-04-14 00:26 - 00030592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys
2014-03-31 01:11 - 2008-04-14 00:21 - 00101120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00059136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00037888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00036480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthprint.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthusb.sys
2014-03-31 01:11 - 2008-04-14 00:16 - 00017024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2014-03-31 01:11 - 2008-04-14 00:15 - 00019200 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys
2014-03-31 01:11 - 2008-04-14 00:13 - 00014208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys
2014-03-31 01:11 - 2008-04-14 00:13 - 00012672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mutohpen.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00046464 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gagp30kx.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00044928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agpcpq.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00044672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uagp35.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00043008 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdagp.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00042752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\alim1541.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00042368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agp440.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00042240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viaagp.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00040960 ____N (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\Drivers\sisagp.sys
2014-03-31 01:11 - 2008-04-14 00:06 - 00005888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smbali.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 01309184 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlstrm.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 01041536 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfdpsp2.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00685056 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfcxts2.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00404990 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slntamr.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00220032 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfbs2s2.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00180360 ____N (Smart Link) C:\WINDOWS\system32\Drivers\ntmtlfax.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00129535 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnt7554.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00126686 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlmnt5.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00095424 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnthal.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00013776 ____N (Smart Link) C:\WINDOWS\system32\Drivers\recagent.sys
2014-03-31 01:11 - 2008-04-13 23:53 - 00013240 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slwdmsup.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 01897408 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00701440 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00452736 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\Drivers\mtxparhm.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00327040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtaa.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00166912 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00104960 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinrvxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00073216 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atintuxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00063663 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1rvxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00063488 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxsxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00057856 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinbtxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00056623 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1btxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00052224 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinraxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00036463 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1tuxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00034735 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xsxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00031744 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxbxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00030671 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1raxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00029455 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xbxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00028672 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinsnxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00026367 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1snxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00021343 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1ttxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00014336 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinpdxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinttxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinmdxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00012047 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1pdxx.sys
2014-03-31 01:11 - 2008-04-13 22:04 - 00011615 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1mdxx.sys
2014-03-31 01:11 - 2007-04-02 21:36 - 00129045 ____N () C:\WINDOWS\system32\Drivers\cxthsfs2.cty
2014-03-31 01:11 - 2006-12-29 20:21 - 00064352 ____N () C:\WINDOWS\system32\Drivers\ativmc20.cod
2014-03-31 01:11 - 2006-12-29 20:02 - 00067866 ____N () C:\WINDOWS\system32\Drivers\netwlan5.img
2014-03-31 01:07 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-03-31 01:07 - 2006-12-29 00:31 - 00019569 _____ () C:\WINDOWS\002929_.tmp
2014-03-31 00:51 - 2014-03-31 00:51 - 00000000 ____D () C:\Program Files\MSXML 6.0
2014-03-31 00:50 - 2014-03-31 00:50 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-31 00:11 - 2014-03-31 00:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mathematica 5.2
2014-03-30 23:22 - 2009-02-18 19:00 - 00378152 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\ml32i3.dll
2014-03-30 23:22 - 2009-02-18 19:00 - 00185640 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\mlmodule32.dll
2014-03-30 23:14 - 2014-03-30 23:14 - 00000000 ____D () C:\Program Files\WinISO
2014-03-30 23:14 - 2014-03-30 23:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinISO
2014-03-30 22:32 - 2014-04-16 22:55 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-30 22:32 - 2014-04-16 22:55 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-30 21:09 - 2014-03-30 21:09 - 00000440 _____ () C:\Documents and Settings\All Users\Desktop\Scientific WorkPlace 5.0.lnk
2014-03-30 21:09 - 2014-03-30 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Scientific WorkPlace 5.0
2014-03-30 16:25 - 2014-04-17 23:39 - 00012005 _____ () C:\Documents and Settings\MS\_viminfo
2014-03-30 16:25 - 2014-03-30 16:25 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Macromedia
2014-03-30 14:23 - 2014-03-30 14:23 - 00000634 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\baiduAddr
2014-03-30 14:13 - 2014-03-30 14:13 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Pyjj
2014-03-30 14:10 - 2014-04-13 16:39 - 00000954 _____ () C:\Documents and Settings\MS\Application Data\coreavc.ini
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ___HD () C:\Documents and Settings\All Users\Device
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Program Files\QvodPlayer
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\QvodPlayer
2014-03-30 14:07 - 2014-03-30 14:07 - 00000000 ____D () C:\Program Files\Vim
2014-03-30 14:07 - 2014-03-30 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Vim 7.2
2014-03-30 13:49 - 2014-03-30 13:48 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-134900.backup
2014-03-30 13:48 - 2014-03-30 13:40 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-134838.backup
2014-03-30 13:40 - 2008-08-27 17:27 - 00262084 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-134003.backup
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files\ActualWindowMinimizer
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Actual Tools
2014-03-30 13:36 - 2014-03-30 13:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
2014-03-30 13:35 - 2014-03-30 13:35 - 00000000 ____D () C:\Program Files\Tracker Software
2014-03-30 13:31 - 2014-03-30 13:31 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-03-30 13:29 - 2014-03-30 13:29 - 00000000 ____D () C:\Documents and Settings\MS\My Documents\ProcAlyzer Dumps
2014-03-30 13:28 - 2014-03-30 13:28 - 00000000 ____D () C:\WINDOWS\pss
2014-03-30 13:27 - 2014-04-16 22:51 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-30 13:27 - 2014-04-09 00:30 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-30 13:27 - 2014-04-05 11:22 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-30 13:27 - 2014-04-01 00:32 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-30 13:27 - 2014-03-30 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-03-30 13:26 - 2014-03-30 13:26 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-30 13:26 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-03-30 13:18 - 2014-03-30 13:18 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-03-30 04:44 - 2014-03-31 03:42 - 00000855 _____ () C:\Documents and Settings\MS\Desktop\Mathematica.lnk
2014-03-30 04:44 - 2014-03-23 12:43 - 00000409 _____ () C:\Documents and Settings\MS\Desktop\RogueKiller.exe.lnk
2014-03-30 04:44 - 2014-03-21 21:40 - 00000049 _____ () C:\Documents and Settings\MS\Desktop\slkjfdlkajsf.information
2014-03-30 04:44 - 2014-03-18 13:27 - 00080384 ___SH () C:\Documents and Settings\MS\Desktop\Thumbs.db
2014-03-30 04:44 - 2014-02-18 00:50 - 23060391 _____ (Igor Pavlov) C:\Documents and Settings\MS\Desktop\gimp-painter--2.6.11_100627-1_win32_starter.exe
2014-03-30 04:44 - 2013-12-28 16:26 - 00000541 _____ () C:\Documents and Settings\MS\Desktop\RegCleanr.exe.lnk
2014-03-30 04:44 - 2013-12-08 02:19 - 00488596 _____ () C:\Documents and Settings\MS\Desktop\sp_intf.tar.gz
2014-03-30 04:44 - 2013-05-23 08:47 - 00000021 _____ () C:\Documents and Settings\MS\Desktop\temp.txt
2014-03-30 04:44 - 2013-03-31 22:21 - 01331200 _____ () C:\Documents and Settings\MS\Desktop\Park_Projected_BCS_tJ_Hamiltonian_equivalence.ppt
2014-03-30 04:44 - 2013-03-28 14:32 - 00267264 _____ () C:\Documents and Settings\MS\Desktop\AL Travel Exp Voucher.xls
2014-03-30 04:44 - 2013-03-09 17:15 - 00005302 _____ () C:\Documents and Settings\MS\Desktop\doscar_analysis.f90
2014-03-30 04:44 - 2013-03-09 17:14 - 00005306 _____ () C:\Documents and Settings\MS\Desktop\doscar_analysis.f90~
2014-03-30 04:44 - 2013-03-08 17:40 - 00000220 _____ () C:\Documents and Settings\MS\Desktop\POSCAR
2014-03-30 04:44 - 2013-03-08 17:39 - 00000156 _____ () C:\Documents and Settings\MS\Desktop\POSCAR~
2014-03-30 04:44 - 2013-03-08 17:27 - 00000000 _____ () C:\Documents and Settings\MS\Desktop\INCAR_Si~
2014-03-30 04:44 - 2013-02-11 10:41 - 00108544 _____ () C:\Documents and Settings\MS\Desktop\Travel Worksheet_0.xls
2014-03-30 04:44 - 2013-02-04 14:06 - 00004660 _____ () C:\Documents and Settings\MS\Desktop\CeSn3.struct
2014-03-30 04:44 - 2012-12-22 19:27 - 00000025 _____ () C:\Documents and Settings\MS\Desktop\password.txt
2014-03-30 04:44 - 2012-10-25 22:53 - 00000888 _____ () C:\Documents and Settings\MS\Desktop\sss
2014-03-30 04:44 - 2012-03-31 19:14 - 00000420 _____ () C:\Documents and Settings\MS\Desktop\aaa.txt
2014-03-30 04:44 - 2012-03-22 11:18 - 00000311 _____ () C:\Documents and Settings\MS\Desktop\repeat_check.gu
2014-03-30 04:44 - 2012-03-10 14:09 - 01509938 _____ () C:\Documents and Settings\MS\Desktop\MATERIALS.rar
2014-03-30 04:44 - 2011-12-27 00:16 - 00001006 _____ () C:\Documents and Settings\MS\Desktop\last_pdf.txt
2014-03-30 04:44 - 2011-09-17 11:57 - 00014620 _____ () C:\Documents and Settings\MS\Desktop\GHF.V1-1.tex
2014-03-30 04:44 - 2011-08-29 01:09 - 00000023 _____ () C:\Documents and Settings\MS\Desktop\slkjfdlkajsf.information~
2014-03-30 04:44 - 2011-08-27 14:10 - 00063069 _____ () C:\Documents and Settings\MS\Desktop\problem_rotate_graph.rap
2014-03-30 04:44 - 2011-05-16 11:21 - 00000787 _____ () C:\Documents and Settings\MS\Desktop\Photoshop.lnk
2014-03-30 04:44 - 2010-09-03 18:23 - 00000972 _____ () C:\Documents and Settings\MS\Desktop\reply.txt
2014-03-30 04:44 - 2010-08-20 18:24 - 00000011 _____ () C:\Documents and Settings\MS\Desktop\access.txt
2014-03-30 04:44 - 2009-04-30 09:55 - 00025605 _____ () C:\Documents and Settings\MS\Desktop\Mark_class.tex
2014-03-30 04:44 - 2009-04-30 01:03 - 00013074 _____ () C:\Documents and Settings\MS\Desktop\check_diagonal.tex
2014-03-30 04:44 - 2009-02-26 12:52 - 00000014 _____ () C:\Documents and Settings\MS\Desktop\wireless.txt
2014-03-30 04:44 - 2008-08-27 03:09 - 00000916 _____ () C:\Documents and Settings\MS\Desktop\startxwin.lnk
2014-03-30 04:44 - 2008-08-27 02:42 - 00000588 _____ () C:\Documents and Settings\MS\Desktop\WinSCP.lnk

==================== One Month Modified Files and Folders =======

2014-04-18 11:11 - 2014-04-18 11:11 - 00000000 ____D () C:\FRST
2014-04-18 11:00 - 2014-04-18 11:00 - 01426178 _____ () C:\Documents and Settings\MS\Desktop\adwcleaner.exe
2014-04-18 11:00 - 2014-04-18 11:00 - 00000000 ____D () C:\AdwCleaner
2014-04-18 10:59 - 2014-04-09 01:07 - 00020864 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-04-18 10:53 - 2014-04-01 10:56 - 00000600 _____ () C:\Documents and Settings\MS\Local Settings\Application Data\PUTTY.RND
2014-04-18 10:38 - 2014-04-05 22:28 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 23:39 - 2014-03-30 16:25 - 00012005 _____ () C:\Documents and Settings\MS\_viminfo
2014-04-17 22:38 - 2014-04-05 22:28 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 09:05 - 2014-04-06 21:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 01:12 - 2014-04-17 01:12 - 00000643 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Zotero Standalone.lnk
2014-04-17 01:12 - 2014-04-17 01:12 - 00000637 _____ () C:\Documents and Settings\All Users\Desktop\Zotero Standalone.lnk
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Program Files\Zotero Standalone
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Zotero
2014-04-17 01:12 - 2014-04-17 01:12 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Zotero
2014-04-16 23:53 - 2008-08-27 02:42 - 00000600 _____ () C:\Documents and Settings\MS\PUTTY.RND
2014-04-16 23:11 - 2014-04-16 23:11 - 00000000 __SHD () C:\Recycled
2014-04-16 23:03 - 2014-04-09 11:58 - 00018836 _____ () C:\Documents and Settings\MS\Desktop\dds.txt
2014-04-16 22:55 - 2014-03-30 22:32 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-16 22:55 - 2014-03-30 22:32 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-16 22:52 - 2014-03-31 01:49 - 00331480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-16 22:52 - 2007-06-19 14:13 - 00000380 _____ () C:\WINDOWS\system32\IPSCtrl.INI
2014-04-16 22:52 - 2007-01-29 11:36 - 00025181 _____ () C:\WINDOWS\system32\PROCDB.INI
2014-04-16 22:52 - 2006-11-21 22:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-16 22:52 - 2004-08-04 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-16 22:51 - 2014-03-31 22:06 - 01498134 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3157420313-386968922-1484442023-1003-0.dat
2014-04-16 22:51 - 2014-03-31 22:05 - 00266066 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-16 22:51 - 2014-03-30 13:27 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-16 22:51 - 2006-11-21 23:05 - 02020877 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-16 22:51 - 2006-11-21 22:36 - 00000178 ___SH () C:\Documents and Settings\MS\ntuser.ini
2014-04-16 22:51 - 2006-11-21 22:35 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-15 20:23 - 2006-11-21 21:57 - 00466758 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-15 13:01 - 2014-04-15 13:01 - 00114640 _____ () C:\Documents and Settings\MS\Application Data\GDIPFONTCACHEV1.DAT
2014-04-15 09:29 - 2014-03-31 10:24 - 00032733 _____ () C:\WINDOWS\setupapi.log
2014-04-13 16:39 - 2014-03-31 01:58 - 00114640 _____ () C:\Documents and Settings\MS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-13 16:39 - 2014-03-30 14:10 - 00000954 _____ () C:\Documents and Settings\MS\Application Data\coreavc.ini
2014-04-12 17:39 - 2014-04-01 11:07 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-11 09:42 - 2014-04-05 22:28 - 00001717 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Program Files\MathType
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Design Science
2014-04-09 16:51 - 2014-04-09 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MathType 6
2014-04-09 01:05 - 2014-04-06 21:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-09 00:59 - 2014-04-05 11:13 - 00012556 _____ () C:\WINDOWS\system32\_WLANBelkinServiceRun_.txt
2014-04-09 00:58 - 2014-04-09 00:58 - 00000000 ___SD () C:\ComboFix
2014-04-09 00:30 - 2014-03-30 13:27 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-08 14:02 - 2008-08-27 03:18 - 00006144 _____ () C:\Documents and Settings\MS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-06 21:10 - 2014-04-06 21:10 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-04-05 22:28 - 2014-04-05 22:28 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Google
2014-04-05 22:28 - 2014-04-05 22:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-05 11:40 - 2006-11-21 21:55 - 00000354 __RSH () C:\boot.ini
2014-04-05 11:40 - 2004-08-04 12:00 - 00000594 _____ () C:\WINDOWS\win.ini
2014-04-05 11:40 - 2004-08-04 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-05 11:22 - 2014-04-05 11:13 - 00000286 _____ () C:\WINDOWS\system32\_WLANBelkinService.txt
2014-04-05 11:22 - 2014-03-30 13:27 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-05 11:12 - 2014-04-05 11:12 - 00000000 ____D () C:\WINDOWS\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
2014-04-05 11:12 - 2014-04-05 11:12 - 00000000 ____D () C:\Program Files\Belkin
2014-04-03 22:57 - 2014-04-03 22:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-04-03 22:57 - 2014-04-03 22:57 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2014-04-03 22:57 - 2008-08-27 03:21 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job.bak
2014-04-03 15:39 - 2014-04-09 14:50 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140409-145050.backup
2014-04-03 15:22 - 2014-04-03 15:22 - 00000375 _____ () C:\Documents and Settings\MS\Desktop\putty.exe.lnk
2014-04-03 15:20 - 2014-04-03 15:20 - 00000000 ____D () C:\Program Files\jj5.2
2014-04-03 09:51 - 2014-04-01 11:06 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-01 11:06 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 11:08 - 2014-04-02 11:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-02 10:18 - 2014-04-02 10:18 - 00000000 ____D () C:\Program Files\jj
2014-04-02 10:18 - 2014-04-02 10:18 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\jjtmp
2014-04-01 11:35 - 2014-04-01 11:35 - 00000000 _RSHD () C:\cmdcons
2014-04-01 11:33 - 2014-04-01 11:33 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-01 11:33 - 2014-04-01 11:33 - 00000000 ____D () C:\Qoobox
2014-04-01 11:32 - 2014-04-03 15:39 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140403-153922.backup
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-01 11:06 - 2014-04-01 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-01 02:59 - 2014-04-01 11:35 - 00000237 _____ () C:\Boot.bak
2014-04-01 02:37 - 2008-08-27 01:53 - 00000294 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-04-01 00:32 - 2014-03-30 13:27 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-31 22:07 - 2014-03-31 20:57 - 00001913 _____ () C:\WINDOWS\spupdsvc.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00053513 _____ () C:\WINDOWS\KB2387149.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00053033 _____ () C:\WINDOWS\KB951376-v2.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00052132 _____ () C:\WINDOWS\KB946648.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00048942 _____ () C:\WINDOWS\KB2659262.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00047864 _____ () C:\WINDOWS\KB2564958.log
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB960859$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB959426$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952954$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB946648$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2712808$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2659262$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2564958$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2479943$
2014-03-31 22:04 - 2014-03-31 22:04 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2387149$
2014-03-31 22:04 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-31 22:04 - 2014-03-31 21:53 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00854350 _____ () C:\WINDOWS\iis6.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00791409 _____ () C:\WINDOWS\FaxSetup.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00378368 _____ () C:\WINDOWS\ocgen.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00361137 _____ () C:\WINDOWS\tsoc.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00263178 _____ () C:\WINDOWS\comsetup.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00241456 _____ () C:\WINDOWS\msmqinst.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00159333 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00138624 _____ () C:\WINDOWS\netfxocm.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00054400 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00043776 _____ () C:\WINDOWS\ocmsn.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00039808 _____ () C:\WINDOWS\tabletoc.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00039552 _____ () C:\WINDOWS\msgsocm.log
2014-03-31 22:04 - 2014-03-31 20:53 - 00029024 _____ () C:\WINDOWS\updspapi.log
2014-03-31 22:04 - 2014-03-31 10:37 - 00067856 _____ () C:\WINDOWS\KB952954.log
2014-03-31 22:04 - 2014-03-31 10:37 - 00066907 _____ () C:\WINDOWS\KB959426.log
2014-03-31 22:04 - 2014-03-31 10:37 - 00066069 _____ () C:\WINDOWS\KB2868626.log
2014-03-31 22:04 - 2014-03-31 10:36 - 00067635 _____ () C:\WINDOWS\KB960859.log
2014-03-31 22:04 - 2014-03-31 10:36 - 00067491 _____ () C:\WINDOWS\KB2712808.log
2014-03-31 22:04 - 2014-03-31 10:36 - 00067273 _____ () C:\WINDOWS\KB2479943.log
2014-03-31 22:04 - 2014-03-31 10:36 - 00062883 _____ () C:\WINDOWS\KB2916036.log
2014-03-31 22:04 - 2008-08-27 02:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-31 22:03 - 2014-03-31 22:03 - 00049793 _____ () C:\WINDOWS\KB2536276-v2.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00046865 _____ () C:\WINDOWS\KB2296011.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00046099 _____ () C:\WINDOWS\KB2834886.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00045774 _____ () C:\WINDOWS\KB2900986.log
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2834886$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2758857$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2691442$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2631813$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2585542$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2478971$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-31 22:03 - 2014-03-31 22:03 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2115168$
2014-03-31 22:03 - 2014-03-31 22:02 - 00046734 _____ () C:\WINDOWS\KB975558.log
2014-03-31 22:03 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-03-31 22:03 - 2014-03-31 10:36 - 00065445 _____ () C:\WINDOWS\KB2585542.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00065301 _____ () C:\WINDOWS\KB2478971.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00064749 _____ () C:\WINDOWS\KB2691442.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00064563 _____ () C:\WINDOWS\KB2758857.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00064390 _____ () C:\WINDOWS\KB2631813.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00064283 _____ () C:\WINDOWS\KB2115168.log
2014-03-31 22:03 - 2014-03-31 10:36 - 00064100 _____ () C:\WINDOWS\KB2544893-v2.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00050850 _____ () C:\WINDOWS\KB955759.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00047685 _____ () C:\WINDOWS\KB2229593.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00045038 _____ () C:\WINDOWS\KB2378111.log
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974318$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB969059$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB955759$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB951978$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2847311$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2802968$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2655992$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2443105$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-03-31 22:02 - 2014-03-31 22:02 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2229593$
2014-03-31 22:02 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB950974$
2014-03-31 22:02 - 2014-03-31 20:57 - 00000562 _____ () C:\WINDOWS\wmsetup.log
2014-03-31 22:02 - 2014-03-31 10:36 - 00062610 _____ () C:\WINDOWS\KB2802968.log
2014-03-31 22:02 - 2014-03-31 10:36 - 00060419 _____ () C:\WINDOWS\KB2847311.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00065704 _____ () C:\WINDOWS\KB951978.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00063364 _____ () C:\WINDOWS\KB974318.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00063351 _____ () C:\WINDOWS\KB2655992.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00061923 _____ () C:\WINDOWS\KB950974.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00061704 _____ () C:\WINDOWS\KB2443105.log
2014-03-31 22:02 - 2014-03-31 10:35 - 00061495 _____ () C:\WINDOWS\KB969059.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00046166 _____ () C:\WINDOWS\KB2485663.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00045943 _____ () C:\WINDOWS\KB2686509.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00044663 _____ () C:\WINDOWS\KB2862335.log
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB982132$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978338$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975713$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB971657$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862335$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2686509$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2598479$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2485663$
2014-03-31 22:01 - 2014-03-31 22:01 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2481109$
2014-03-31 22:01 - 2014-03-31 22:00 - 00041419 _____ () C:\WINDOWS\KB954155.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00063278 _____ () C:\WINDOWS\KB2481109.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00061795 _____ () C:\WINDOWS\KB2598479.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00060975 _____ () C:\WINDOWS\KB975713.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00060574 _____ () C:\WINDOWS\KB978338.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00060342 _____ () C:\WINDOWS\KB2898715.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00059954 _____ () C:\WINDOWS\KB971657.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00059865 _____ () C:\WINDOWS\KB2507938.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00059814 _____ () C:\WINDOWS\KB982132.log
2014-03-31 22:01 - 2014-03-31 10:35 - 00057793 _____ () C:\WINDOWS\KB2929961.log
2014-03-31 22:00 - 2014-03-31 22:00 - 00053013 _____ () C:\WINDOWS\KB956572.log
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974112$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB972270$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB956572$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2780091$
2014-03-31 22:00 - 2014-03-31 22:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2507938$
2014-03-31 22:00 - 2014-03-31 21:00 - 00040149 _____ () C:\WINDOWS\KB2904266.log
2014-03-31 22:00 - 2014-03-31 21:00 - 00006616 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-31 22:00 - 2014-03-31 10:35 - 00061592 _____ () C:\WINDOWS\KB2780091.log
2014-03-31 22:00 - 2014-03-31 10:34 - 00059624 _____ () C:\WINDOWS\KB974112.log
2014-03-31 21:00 - 2014-03-31 21:00 - 00042177 _____ () C:\WINDOWS\KB956844.log
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB956844$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876217$
2014-03-31 21:00 - 2014-03-31 21:00 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2347290$
2014-03-31 21:00 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2483185$
2014-03-31 21:00 - 2014-03-31 10:34 - 00057560 _____ () C:\WINDOWS\KB2483185.log
2014-03-31 21:00 - 2014-03-31 10:34 - 00054446 _____ () C:\WINDOWS\KB2876217.log
2014-03-31 20:59 - 2014-03-31 20:59 - 00040792 _____ () C:\WINDOWS\KB973869.log
2014-03-31 20:59 - 2014-03-31 20:59 - 00039923 _____ () C:\WINDOWS\KB2592799.log
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979687$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975560$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975025$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974571$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973869$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952004$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2864063$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2719985$
2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2592799$
2014-03-31 20:59 - 2014-03-31 10:34 - 00058007 _____ () C:\WINDOWS\KB952004.log
2014-03-31 20:59 - 2014-03-31 10:34 - 00057649 _____ () C:\WINDOWS\KB979687.log
2014-03-31 20:59 - 2014-03-31 10:34 - 00055082 _____ () C:\WINDOWS\KB2719985.log
2014-03-31 20:59 - 2014-03-31 10:34 - 00054163 _____ () C:\WINDOWS\KB975025.log
2014-03-31 20:59 - 2014-03-31 10:34 - 00053635 _____ () C:\WINDOWS\KB2930275.log
2014-03-31 20:59 - 2014-03-31 10:34 - 00052842 _____ () C:\WINDOWS\KB2864063.log
2014-03-31 20:59 - 2014-03-31 10:33 - 00053622 _____ () C:\WINDOWS\KB974571.log
2014-03-31 20:59 - 2014-03-31 10:33 - 00051253 _____ () C:\WINDOWS\KB2862152.log
2014-03-31 20:59 - 2014-03-31 10:32 - 00052014 _____ () C:\WINDOWS\KB973507.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00039176 _____ () C:\WINDOWS\KB2535512.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00038889 _____ () C:\WINDOWS\KB2807986.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00038188 _____ () C:\WINDOWS\KB950762.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00037633 _____ () C:\WINDOWS\KB952287.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00036847 _____ () C:\WINDOWS\KB2570947.log
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB977816$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973507$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952287$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB950762$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2868038$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2850869$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2807986$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2770660$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2570947$
2014-03-31 20:58 - 2014-03-31 20:58 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2535512$
2014-03-31 20:58 - 2014-03-31 20:57 - 00037388 _____ () C:\WINDOWS\KB2868038.log
2014-03-31 20:58 - 2014-03-31 20:57 - 00031132 _____ () C:\WINDOWS\KB978695.log
2014-03-31 20:58 - 2014-03-31 10:34 - 00051815 _____ () C:\WINDOWS\KB2859537.log
2014-03-31 20:58 - 2014-03-31 10:34 - 00049093 _____ () C:\WINDOWS\KB2876331.log
2014-03-31 20:58 - 2014-03-31 10:33 - 00049523 _____ () C:\WINDOWS\KB2850869.log
2014-03-31 20:58 - 2014-03-31 10:32 - 00052005 _____ () C:\WINDOWS\KB977816.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00040252 _____ () C:\WINDOWS\KB973904.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00035826 _____ () C:\WINDOWS\KB2603381.log
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB974392$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973904$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2820917$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2757638$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2653956$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2603381$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2508429$
2014-03-31 20:57 - 2014-03-31 20:57 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2419632$
2014-03-31 20:57 - 2014-03-31 10:33 - 00050384 _____ () C:\WINDOWS\KB2820917.log
2014-03-31 20:57 - 2014-03-31 10:33 - 00049804 _____ () C:\WINDOWS\KB2757638.log
2014-03-31 20:57 - 2014-03-31 10:33 - 00047233 _____ () C:\WINDOWS\KB2893294.log
2014-03-31 20:57 - 2014-03-31 10:33 - 00044112 _____ () C:\WINDOWS\KB2508429.log
2014-03-31 20:57 - 2014-03-31 10:33 - 00042347 _____ () C:\WINDOWS\KB2749655.log
2014-03-31 20:57 - 2014-03-31 10:32 - 00055403 _____ () C:\WINDOWS\KB2419632.log
2014-03-31 20:57 - 2014-03-31 10:32 - 00042905 _____ () C:\WINDOWS\KB2653956.log
2014-03-31 20:57 - 2014-03-31 10:32 - 00042059 _____ () C:\WINDOWS\KB974392.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00029443 _____ () C:\WINDOWS\KB2698365.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00023060 _____ () C:\WINDOWS\KB952069.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00019051 _____ () C:\WINDOWS\KB2803821-v2.log
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB977914$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB971029$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB952069_WM9$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2749655$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2698365$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2619339$
2014-03-31 20:56 - 2014-03-31 20:56 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2506212$
2014-03-31 20:56 - 2014-03-31 10:33 - 00042285 _____ () C:\WINDOWS\KB971029.log
2014-03-31 20:56 - 2014-03-31 10:33 - 00041414 _____ () C:\WINDOWS\KB2506212.log
2014-03-31 20:56 - 2014-03-31 10:33 - 00040865 _____ () C:\WINDOWS\KB2705219-v2.log
2014-03-31 20:56 - 2014-03-31 10:33 - 00037167 _____ () C:\WINDOWS\KB2892075.log
2014-03-31 20:56 - 2014-03-31 10:32 - 00043477 _____ () C:\WINDOWS\KB977914.log
2014-03-31 20:56 - 2014-03-31 10:32 - 00038733 _____ () C:\WINDOWS\KB2619339.log
2014-03-31 20:56 - 2014-03-31 10:32 - 00038436 _____ () C:\WINDOWS\KB978542.log
2014-03-31 20:55 - 2014-03-31 20:55 - 00026215 _____ () C:\WINDOWS\KB2723135-v2.log
2014-03-31 20:55 - 2014-03-31 20:55 - 00025523 _____ () C:\WINDOWS\KB981997.log
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB981997$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979482$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB979309$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978706$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB978542$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB973815$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB960803$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2862330$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2813345$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2727528$
2014-03-31 20:55 - 2014-03-31 20:55 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-03-31 20:55 - 2014-03-31 10:31 - 00042630 _____ () C:\WINDOWS\KB2509553.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00039402 _____ () C:\WINDOWS\KB2813345.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00038178 _____ () C:\WINDOWS\KB960803.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00037855 _____ () C:\WINDOWS\KB2727528.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00037794 _____ () C:\WINDOWS\KB978706.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00037709 _____ () C:\WINDOWS\KB979482.log
2014-03-31 20:55 - 2014-03-31 10:31 - 00037567 _____ () C:\WINDOWS\KB973815.log
2014-03-31 20:55 - 2014-03-31 10:28 - 00036961 _____ () C:\WINDOWS\KB979309.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00308416 _____ () C:\WINDOWS\msxml4-KB973688-enu.LOG
2014-03-31 20:54 - 2014-03-31 20:54 - 00302348 _____ () C:\WINDOWS\msxml4-KB954430-enu.LOG
2014-03-31 20:54 - 2014-03-31 20:54 - 00026818 _____ () C:\WINDOWS\KB2393802.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00024590 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00022216 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB982665$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB923561$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2676562$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2509553$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2478960$
2014-03-31 20:54 - 2014-03-31 20:54 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2393802$
2014-03-31 20:54 - 2014-03-31 20:53 - 00023990 _____ () C:\WINDOWS\KB923561.log
2014-03-31 20:54 - 2014-03-31 10:30 - 00042739 _____ () C:\WINDOWS\KB2676562.log
2014-03-31 20:54 - 2014-03-31 10:30 - 00033970 _____ () C:\WINDOWS\KB982665.log
2014-03-31 20:54 - 2014-03-31 10:30 - 00032982 _____ () C:\WINDOWS\KB2620712.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00020908 _____ () C:\WINDOWS\KB2566454.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00020553 _____ () C:\WINDOWS\KB2661637.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00018247 _____ () C:\WINDOWS\KB2914368.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00018032 _____ () C:\WINDOWS\KB2423089.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB975467$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB968389$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2661637$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2620712$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2584146$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2566454$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 ___HD () C:\WINDOWS\$NtUninstallKB2423089$
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-31 20:53 - 2014-03-31 20:53 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-31 20:53 - 2014-03-31 10:28 - 00037459 _____ () C:\WINDOWS\KB968389.log
2014-03-31 20:53 - 2014-03-31 10:28 - 00033383 _____ () C:\WINDOWS\KB975467.log
2014-03-31 20:53 - 2014-03-31 10:28 - 00032489 _____ () C:\WINDOWS\KB2584146.log
2014-03-31 17:03 - 2014-03-31 17:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2014-03-31 10:29 - 2014-03-31 10:29 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Thunderbird
2014-03-31 10:29 - 2014-03-31 10:29 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Thunderbird
2014-03-31 10:25 - 2014-03-31 10:25 - 00001578 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-03-31 03:42 - 2014-03-30 04:44 - 00000855 _____ () C:\Documents and Settings\MS\Desktop\Mathematica.lnk
2014-03-31 03:41 - 2014-03-31 03:41 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\Travel Expense form with instructions
2014-03-31 03:41 - 2014-03-31 03:41 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\PDF_XChange
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\zhongyi
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\RK_Quarantine
2014-03-31 03:40 - 2014-03-31 03:40 - 00000000 ____D () C:\Documents and Settings\MS\Desktop\GC-materials
2014-03-31 03:34 - 2014-03-31 03:34 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\IsolatedStorage
2014-03-31 03:34 - 2014-03-31 03:15 - 00000440 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2014-03-31 02:48 - 2014-03-31 02:48 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-31 02:48 - 2014-03-31 02:48 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-31 02:08 - 2014-03-31 02:07 - 00000000 __SHD () C:\Documents and Settings\MS\PrivacIE
2014-03-31 01:45 - 2014-03-31 01:44 - 00000000 __SHD () C:\Documents and Settings\MS\IETldCache
2014-03-31 01:45 - 2006-11-21 22:36 - 00000707 _____ () C:\Documents and Settings\MS\Start Menu\Programs\Internet Explorer.lnk
2014-03-31 01:43 - 2014-03-31 01:36 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-03-31 01:40 - 2014-03-31 01:40 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ___RD () C:\Program Files\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-31 01:39 - 2014-03-31 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-31 01:37 - 2014-03-31 01:37 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-31 01:35 - 2014-03-31 01:35 - 00000000 ___HD () C:\WINDOWS\ie8
2014-03-31 01:29 - 2014-03-31 01:29 - 00000000 ____D () C:\Program Files\MSECache
2014-03-31 01:28 - 2014-03-31 01:28 - 00000020 _____ () C:\WINDOWS\system32\pub_store.dat
2014-03-31 01:28 - 2014-03-31 01:28 - 00000000 ____D () C:\TDDOWNLOAD
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Program Files\Wise
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Wise Disk Cleaner
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner
2014-03-31 01:21 - 2006-11-21 22:22 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-03-31 01:20 - 2014-03-31 01:20 - 00000269 _____ () C:\WINDOWS\system32\spupdwxp.log
2014-03-31 01:15 - 2006-11-21 22:23 - 00001467 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\system32\scripting
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\system32\bits
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-03-31 01:10 - 2006-08-26 07:00 - 00250048 __RSH () C:\ntldr
2014-03-31 00:54 - 2008-08-27 04:04 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-03-31 00:51 - 2014-03-31 00:51 - 00000000 ____D () C:\Program Files\MSXML 6.0
2014-03-31 00:50 - 2014-03-31 00:50 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-31 00:11 - 2014-03-31 00:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mathematica 5.2
2014-03-31 00:00 - 2014-03-31 01:28 - 00000135 _____ () C:\WINDOWS\system32\cid_store.dat
2014-03-30 23:59 - 2014-03-31 01:28 - 00000026 _____ () C:\WINDOWS\system32\xlhcc.dat
2014-03-30 23:14 - 2014-03-30 23:14 - 00000000 ____D () C:\Program Files\WinISO
2014-03-30 23:14 - 2014-03-30 23:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinISO
2014-03-30 21:09 - 2014-03-30 21:09 - 00000440 _____ () C:\Documents and Settings\All Users\Desktop\Scientific WorkPlace 5.0.lnk
2014-03-30 21:09 - 2014-03-30 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Scientific WorkPlace 5.0
2014-03-30 16:25 - 2014-03-30 16:25 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Macromedia
2014-03-30 14:23 - 2014-03-30 14:23 - 00000634 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-03-30 14:23 - 2008-08-27 01:55 - 00000628 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\baiduAddr
2014-03-30 14:13 - 2014-03-30 14:13 - 00000000 ____D () C:\Documents and Settings\MS\Local Settings\Application Data\Pyjj
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ___HD () C:\Documents and Settings\All Users\Device
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Program Files\QvodPlayer
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
2014-03-30 14:10 - 2014-03-30 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\QvodPlayer
2014-03-30 14:07 - 2014-03-30 14:07 - 00000000 ____D () C:\Program Files\Vim
2014-03-30 14:07 - 2014-03-30 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Vim 7.2
2014-03-30 13:49 - 2014-04-01 11:32 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140401-113252.backup
2014-03-30 13:48 - 2014-03-30 13:49 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-134900.backup
2014-03-30 13:40 - 2014-03-30 13:48 - 00452591 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-134838.backup
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files\ActualWindowMinimizer
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Documents and Settings\MS\Application Data\Actual Tools
2014-03-30 13:36 - 2014-03-30 13:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
2014-03-30 13:35 - 2014-03-30 13:35 - 00000000 ____D () C:\Program Files\Tracker Software
2014-03-30 13:31 - 2014-03-30 13:31 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-03-30 13:29 - 2014-03-30 13:29 - 00000000 ____D () C:\Documents and Settings\MS\My Documents\ProcAlyzer Dumps
2014-03-30 13:28 - 2014-03-30 13:28 - 00000000 ____D () C:\WINDOWS\pss
2014-03-30 13:27 - 2014-03-30 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-03-30 13:26 - 2014-03-30 13:26 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-30 13:18 - 2014-03-30 13:18 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-03-23 12:43 - 2014-03-30 04:44 - 00000409 _____ () C:\Documents and Settings\MS\Desktop\RogueKiller.exe.lnk
2014-03-21 21:40 - 2014-03-30 04:44 - 00000049 _____ () C:\Documents and Settings\MS\Desktop\slkjfdlkajsf.information

Some content of TEMP:
====================
C:\Documents and Settings\MS\Local Settings\Temp\QvodSetup.exe
C:\Documents and Settings\MS\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:56 PM

Posted 18 April 2014 - 12:39 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.91.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll (ShenZhen Thunder Networking Technologies Ltd.)
U3 avxrtd1j; C:\WINDOWS\system32\Drivers\avxrtd1j.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\mbr.sys [X]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#7 bsmile


Posted 18 April 2014 - 06:48 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-04-2014 01
Ran by MS at 2014-04-18 18:45:36 Run:1
Running from D:\temp
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.91.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll (ShenZhen Thunder Networking Technologies Ltd.)
U3 avxrtd1j; C:\WINDOWS\system32\Drivers\avxrtd1j.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\MS\LOCALS~1\Temp\mbr.sys [X]

End
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233} => Key deleted successfully.
HKCR\CLSID\{01443AEC-0FD1-40fd-9C87-E93D1494C233} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297} => Key deleted successfully.
HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert => Key deleted successfully.
C:\Program Files\QvodPlayer\npQvodInsert.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@qvod.com/QvodShare => Key deleted successfully.
C:\Program Files\QvodPlayer\npShareModule.dll => Moved successfully.
HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert => Key deleted successfully.
C:\Program Files\QvodPlayer\npQvodInsert.dll not found.
avxrtd1j => Service deleted successfully.
catchme => Service deleted successfully.
mbr => Service deleted successfully.

==== End of Fixlog ====
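
An added example (not part of the original posts and not FRST's own code) that triages the result section of the Fixlog.txt above, separating a "not found" line that an earlier move in the same log accounts for from lines that need a second look. The line patterns are inferred only from the lines visible in this post, and the function names are hypothetical.

```python
import re

# Abridged copy of the Fixlog.txt posted above: the echoed fixlist, then result lines.
FIXLOG = r"""
Content of fixlist:
*****************
start
FF Plugin: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
U3 avxrtd1j; C:\WINDOWS\system32\Drivers\avxrtd1j.sys [0 ] (Microsoft Corporation)

End
*****************

HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert => Key deleted successfully.
C:\Program Files\QvodPlayer\npQvodInsert.dll => Moved successfully.
HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert => Key deleted successfully.
C:\Program Files\QvodPlayer\npQvodInsert.dll not found.
avxrtd1j => Service deleted successfully.

==== End of Fixlog ====
"""

# Assumed line shapes, taken from the post: "<target> => <result>." and "<target> not found."
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?$")
REGISTRY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\")
FILE_RE = re.compile(r"^[A-Za-z]:\\")


def result_lines(text):
    """Yield non-empty lines after the echoed fixlist and before the end marker."""
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1          # the fixlist echo sits between two rows of asterisks
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_rows >= 2 and line:
            yield line


def kind_of(target, result):
    """Classify a target as registry, file, service or other."""
    if REGISTRY_RE.match(target):
        return "registry"
    if FILE_RE.match(target):
        return "file"
    if "service" in result.lower():
        return "service"
    return "other"


def parse_fixlog(text):
    """Return one dict per result line with target, kind, result and status."""
    entries, moved = [], set()      # moved: lowercased paths already moved by this run
    for line in result_lines(text):
        done = RESULT_RE.match(line)
        missing = NOT_FOUND_RE.match(line)
        if done:
            target, result = done["target"], done["result"]
            status = "ok" if result.lower().endswith("successfully") else "review"
        elif missing:
            target, result = missing["target"], "not found"
            # Two fixlist entries can name the same file; the second then finds nothing.
            status = "already-handled" if target.lower() in moved else "review"
        else:
            target, result, status = line, "", "review"
        kind = kind_of(target, result)
        if kind == "file" and status == "ok":
            moved.add(target.lower())
        entries.append({"target": target, "kind": kind,
                        "result": result, "status": status})
    return entries


def needs_review(entries):
    """Entries that are neither successful nor explained by an earlier move."""
    return [e for e in entries if e["status"] == "review"]


if __name__ == "__main__":
    for entry in parse_fixlog(FIXLOG):
        print(f'{entry["status"]:16} {entry["kind"]:9} {entry["target"]}')
```

On the lines above, the single "not found" entry is the same npQvodInsert.dll that the log shows as moved two lines earlier, so nothing is left for review.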



#8 bsmile


Posted 18 April 2014 - 07:06 PM

checkup.txt

 

 

 Results of screen317's Security Check version 0.99.82  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Wise Disk Cleaner 8.04  
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player     13.0.0.182  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (24.4.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#9 bsmile


Posted 18 April 2014 - 07:13 PM

Thanks, nasdaq! I followed your instructions to do the checks and posted the files here (above). In the first step, running FRST, the entries were successfully applied. But when I tried to restart the machine, it would not do that. I had to press the power key and then manually restart the computer. After it was back on again, it could be restarted successfully.

I forgot to remove the startup list of QVodTerminal and it is automatically loaded. Should I repeat the steps you gave and disable the QVodTerminal startup and then do a new restart?

The machine actually performed normally before except for a halt when Combofix is used to check the system. So do you think I should run Combofix on my machine to check whether the problem is gone, and to pick out possibly more threats?

It seems the issues are caused by Thunder and QVOD. Does this mean I should not use these two softwares any more?

Thanks again,



#10 nasdaq


Posted 19 April 2014 - 07:57 AM

Remove this old version of Adobe Flash Player 9 using the Add/Remove Programs.

===

I forgot to remove the startup list of QVodTerminal and it is automatically loaded. Should I repeat the steps you gave and disable the QVodTerminal startup and then do a new restart?

Yes please.

===


It seems the issues are caused by Thunder and QVOD. Does this mean I should not use these two softwares any more?


These should not be used. Read about it.

http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-chrome&search=01443AEC-0FD1-40fd-9C87-E93D1494C233

http://www.systemlookup.com/search.php?type=name&client=malwaresearch-chrome&search=qvod

===

Let me know of any issues with this computer.

#11 bsmile


Posted 19 April 2014 - 03:37 PM

Hi nasdaq, thanks for your help. I have followed your advice and cleaned my computer. To test whether the issue I am reporting is resolved, I ran combofix on my machine. The machine still halts when combofix reaches the point of shutting down the computer before restarting. The following is the information combofix reported:

System file is infected!! Attempting to restore
c:\windows\system32\userinit.exe

Delete the following files:
c:\windows\system32\drivers\npf.sys
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG

Delete the following folders:
c:\documents and settings\MS\windows

and then it comes to a halt. I pressed ctrl+alt+delete to pop up Task Manager, looked into the processes, and saw two programs related to combofix (the first column is program name, the second column is file size):

CF3306.3XE    4588K
and
CF3306.3XE    3764K

I did upload the userinit.exe, TPAPSLOG.LOG, TPHDLOG0.LOG and npfs.sys (npf.sys not found, maybe I recorded wrong) files to an online virus scanner (https://www.virustotal.com/) after system reboot but found no mistake. So, any further suggestions on how to continue? Thanks again,



#12 nasdaq


Posted 20 April 2014 - 08:27 AM

You should be able to run this tool to completion.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.
===

#13 bsmile


Posted 20 April 2014 - 11:15 AM

OTL.TXT

OTL logfile created on: 4/20/2014 10:41:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\software\security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 65.38% Memory free
3.81 Gb Paging File | 3.31 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.04 Gb Total Space | 3.10 Gb Free Space | 16.30% Space Free | Partition Type: FAT32
Drive D: | 46.56 Gb Total Space | 9.59 Gb Free Space | 20.59% Space Free | Partition Type: FAT32
 
Computer Name: X6X8-15CE047435 | User Name: MS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/20 10:37:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\software\security\OTL.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/02/05 11:25:10 | 002,083,480 | ---- | M] (Design Science, Inc.) -- C:\Program Files\MathType\MathType.exe
PRC - [2012/10/05 11:11:20 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F9L1101\V1\PBN.exe
PRC - [2008/10/18 23:07:20 | 000,942,080 | ---- | M] (Actual Tools) -- C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:42:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2008/03/26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/02/13 18:28:02 | 000,066,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/01/25 14:06:08 | 000,111,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/01/11 02:21:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2007/11/21 18:38:38 | 000,075,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/09/07 17:19:00 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/09/07 17:18:58 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/09/07 17:18:54 | 000,408,088 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/09/07 17:18:52 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/11/07 19:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2005/07/16 05:48:34 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/02/05 11:25:14 | 001,235,024 | ---- | M] () -- C:\Program Files\MathType\MathPage\32\MathPage.wll
MOD - [2012/10/05 11:11:20 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F9L1101\V1\PBN.exe
MOD - [2008/09/19 18:09:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F9L1101\V1\BelkinwcuiSCHDLL.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/11 01:30:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2008/01/11 01:30:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2007/12/29 08:04:02 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/12/29 08:03:34 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2007/06/01 10:44:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/02/13 20:23:18 | 000,117,248 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi4wm.DLL
MOD - [2007/01/25 15:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2005/07/13 02:55:00 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\tp4uires.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/03/15 02:40:32 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/05 11:11:20 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\F9L1101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2007/09/07 17:19:00 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007/09/07 17:18:58 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007/09/07 17:18:52 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aon02uz9)
DRV - [2009/11/06 16:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/08/27 02:45:00 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/01/11 01:30:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/10/16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/07/03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/06/21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/06 17:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/05/21 04:43:48 | 000,041,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
IE - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/08/27 01:55:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/08/27 01:55:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008/08/27 01:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MS\Application Data\Mozilla\Extensions
[2008/08/27 01:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\m4j09occ.default\extensions
[2014/04/17 01:13:56 | 005,438,381 | ---- | M] () (No name found) -- C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\m4j09occ.default\extensions\zotero@chnm.gmu.edu.xpi
[2014/03/30 14:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 14:23:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/26 22:33:22 | 000,032,768 | ---- | M] (ShenZhen Thunder Networking Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll
[2009/11/18 06:30:14 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.11.5_0\
CHR - Extension: Unblock Youku = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.11.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\MS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/19 14:40:22 | 000,452,591 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: 15541 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-3157420313-386968922-1484442023-1003..\Run: [Actual Window Minimizer] C:\Program Files\ActualWindowMinimizer\ActualWindowMinimizerCenter.exe (Actual Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk = C:\Program Files\Belkin\F9L1101\V1\PBN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3157420313-386968922-1484442023-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm ()
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 22:22:58 | 000,000,000 | RHS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/07/05 21:18:28 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 15:06:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/04/19 00:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/04/19 00:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2014/04/19 00:13:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/04/18 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\wxMacMolPlt
[2014/04/18 11:11:43 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/18 11:00:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/17 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Zotero
[2014/04/17 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Zotero
[2014/04/17 01:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Zotero Standalone
[2014/04/09 16:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Design Science
[2014/04/09 16:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MathType 6
[2014/04/09 16:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\MathType
[2014/04/05 22:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/04/05 22:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Google
[2014/04/05 11:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2014/04/05 11:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\{FF6654AC-6C49-4BA9-B6CC-868D13DE0321}
[2014/04/03 22:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2014/04/03 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\jj5.2
[2014/04/02 11:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/04/02 10:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\jjtmp
[2014/04/02 10:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\jj
[2014/04/01 11:35:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/04/01 11:33:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/04/01 11:33:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/04/01 11:33:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/04/01 11:33:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/04/01 11:33:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/01 11:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\My Documents\My Videos
[2014/04/01 11:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\Start Menu\Programs\Administrative Tools
[2014/04/01 11:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/04/01 11:07:21 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 11:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/01 11:06:43 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/01 11:06:43 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/01 11:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/01 11:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/03/31 17:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2014/03/31 17:03:14 | 000,241,721 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPBMINI.DLL
[2014/03/31 17:03:14 | 000,163,840 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPJCMN2U.DLL
[2014/03/31 17:03:14 | 000,103,424 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpzpnp.dll
[2014/03/31 17:03:14 | 000,094,208 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPJIPX1U.DLL
[2014/03/31 17:03:14 | 000,049,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIDR12.DLL
[2014/03/31 17:03:14 | 000,049,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPBNRAC2.DLL
[2014/03/31 17:03:14 | 000,038,912 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBPRO.DLL
[2014/03/31 17:03:14 | 000,033,792 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIPR12.DLL
[2014/03/31 17:03:14 | 000,030,208 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIPT12.DLL
[2014/03/31 17:03:14 | 000,025,600 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBOID.DLL
[2014/03/31 17:03:14 | 000,024,576 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBMIAPI.DLL
[2014/03/31 17:03:14 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZISN12.DLL
[2014/03/31 17:03:14 | 000,007,680 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBPROPS.DLL
[2014/03/31 17:03:14 | 000,007,680 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBOIDPS.DLL
[2014/03/31 10:37:09 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/03/31 10:37:01 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2014/03/31 10:36:36 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/03/31 10:36:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2014/03/31 10:36:06 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2014/03/31 10:35:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/03/31 10:35:54 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2014/03/31 10:35:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2014/03/31 10:35:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2014/03/31 10:35:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2014/03/31 10:34:15 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2014/03/31 10:34:15 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/03/31 10:34:15 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2014/03/31 10:34:01 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/03/31 10:34:01 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2014/03/31 10:33:25 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2014/03/31 10:33:24 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2014/03/31 10:33:14 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2014/03/31 10:32:17 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2014/03/31 10:31:22 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2014/03/31 10:31:20 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2014/03/31 10:31:12 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/03/31 10:31:12 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/03/31 10:31:12 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/03/31 10:31:12 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/03/31 10:30:33 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/03/31 10:30:33 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/03/31 10:30:33 | 002,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2014/03/31 10:30:33 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/03/31 10:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Thunderbird
[2014/03/31 10:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Thunderbird
[2014/03/31 10:29:45 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2014/03/31 10:29:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2014/03/31 10:28:11 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2014/03/31 03:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Desktop\PDF_XChange
[2014/03/31 03:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Desktop\temp
[2014/03/31 03:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Desktop\RK_Quarantine
[2014/03/31 03:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\IsolatedStorage
[2014/03/31 02:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2014/03/31 02:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/03/31 02:48:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014/03/31 02:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\My Documents\Amazon Downloader Logs
[2014/03/31 02:07:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\PrivacIE
[2014/03/31 01:44:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\IETldCache
[2014/03/31 01:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Skype
[2014/03/31 01:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/03/31 01:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/03/31 01:35:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/31 01:33:17 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/03/31 01:33:05 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/03/31 01:33:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/03/31 01:33:04 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/03/31 01:33:03 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/03/31 01:33:01 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/03/31 01:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2014/03/31 01:28:07 | 000,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2014/03/31 01:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Wise Disk Cleaner
[2014/03/31 01:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner
[2014/03/31 01:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2014/03/31 01:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/03/31 01:14:59 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2014/03/31 01:14:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2014/03/31 01:14:57 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2014/03/31 01:14:56 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2014/03/31 01:14:55 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2014/03/31 01:14:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2014/03/31 01:14:46 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2014/03/31 01:14:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2014/03/31 01:14:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2014/03/31 01:14:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2014/03/31 01:14:45 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2014/03/31 01:14:45 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2014/03/31 01:14:45 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2014/03/31 01:14:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2014/03/31 01:14:44 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2014/03/31 01:14:44 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2014/03/31 01:14:44 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2014/03/31 01:14:44 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2014/03/31 01:14:44 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2014/03/31 01:14:44 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2014/03/31 01:14:44 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2014/03/31 01:14:44 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2014/03/31 01:14:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2014/03/31 01:14:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2014/03/31 01:14:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2014/03/31 01:14:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2014/03/31 01:14:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2014/03/31 01:14:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2014/03/31 01:14:44 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2014/03/31 01:14:44 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2014/03/31 01:14:44 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2014/03/31 01:14:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2014/03/31 01:14:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2014/03/31 01:14:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2014/03/31 01:14:43 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2014/03/31 01:14:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2014/03/31 01:14:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2014/03/31 01:14:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2014/03/31 01:14:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2014/03/31 01:14:42 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2014/03/31 01:14:42 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2014/03/31 01:14:42 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2014/03/31 01:14:42 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2014/03/31 01:14:42 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2014/03/31 01:14:42 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2014/03/31 01:14:42 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2014/03/31 01:14:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2014/03/31 01:14:42 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2014/03/31 01:14:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2014/03/31 01:14:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2014/03/31 01:14:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2014/03/31 01:14:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2014/03/31 01:14:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2014/03/31 01:14:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2014/03/31 01:14:41 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2014/03/31 01:14:41 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2014/03/31 01:14:41 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2014/03/31 01:14:41 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2014/03/31 01:14:41 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2014/03/31 01:14:41 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2014/03/31 01:14:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2014/03/31 01:14:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2014/03/31 01:14:41 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2014/03/31 01:14:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2014/03/31 01:14:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2014/03/31 01:14:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2014/03/31 01:14:40 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2014/03/31 01:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2014/03/31 01:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/03/31 01:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/03/31 01:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/03/31 01:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2014/03/31 01:13:05 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2014/03/31 01:11:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2014/03/31 01:11:07 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2014/03/31 01:11:07 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2014/03/31 01:11:07 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2014/03/31 01:11:07 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2014/03/31 01:11:07 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2014/03/31 01:11:07 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2014/03/31 01:11:07 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2014/03/31 01:11:07 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2014/03/31 01:11:07 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2014/03/31 01:11:07 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2014/03/31 01:11:07 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2014/03/31 01:11:07 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2014/03/31 01:11:07 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2014/03/31 01:11:07 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2014/03/31 01:11:07 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2014/03/31 01:11:07 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2014/03/31 01:11:07 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2014/03/31 01:11:07 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2014/03/31 01:11:07 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2014/03/31 01:11:07 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2014/03/31 01:11:07 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2014/03/31 01:11:07 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2014/03/31 01:11:07 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2014/03/31 01:11:06 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2014/03/31 01:11:06 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2014/03/31 01:11:06 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2014/03/31 01:11:06 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2014/03/31 01:11:06 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2014/03/31 01:11:05 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2014/03/31 01:11:05 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2014/03/31 01:11:05 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2014/03/31 01:11:05 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2014/03/31 01:11:05 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2014/03/31 01:11:05 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2014/03/31 01:11:05 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2014/03/31 01:11:05 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2014/03/31 01:07:43 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2014/03/31 00:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2014/03/31 00:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/03/31 00:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mathematica 5.2
[2014/03/30 23:22:14 | 000,378,152 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i3.dll
[2014/03/30 23:22:14 | 000,185,640 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmodule32.dll
[2014/03/30 23:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinISO
[2014/03/30 23:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO
[2014/03/30 22:32:15 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/30 22:32:15 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/30 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\My Documents\Downloads
[2014/03/30 21:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scientific WorkPlace 5.0
[2014/03/30 16:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Macromedia
[2014/03/30 14:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/30 14:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/03/30 14:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\baiduAddr
[2014/03/30 14:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Pyjj
[2014/03/30 14:10:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2014/03/30 14:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2014/03/30 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer
[2014/03/30 14:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\QvodPlayer
[2014/03/30 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vim 7.2
[2014/03/30 14:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Vim
[2014/03/30 13:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Actual Tools
[2014/03/30 13:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\ActualWindowMinimizer
[2014/03/30 13:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2014/03/30 13:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2014/03/30 13:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\My Documents\ProcAlyzer Dumps
[2014/03/30 13:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/03/30 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/03/30 13:26:59 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/03/30 13:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/03/30 13:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/20 10:38:42 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 22:38:02 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 15:32:22 | 000,012,762 | ---- | M] () -- C:\Documents and Settings\MS\_viminfo
[2014/04/19 15:22:02 | 000,405,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/19 15:22:02 | 000,054,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/19 15:17:54 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2014/04/19 15:17:48 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2014/04/19 15:17:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/19 15:17:44 | 2103,750,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 14:39:44 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2014/04/19 01:55:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\MS\Local Settings\Application Data\PUTTY.RND
[2014/04/19 00:13:24 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/04/18 18:54:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/18 16:37:48 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\MS\PUTTY.RND
[2014/04/17 01:12:40 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zotero Standalone.lnk
[2014/04/16 22:55:48 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/04/16 22:55:48 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/04/16 22:52:22 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/13 16:39:24 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\coreavc.ini
[2014/04/12 17:39:50 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/11 09:42:50 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 01:07:00 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/09 00:30:22 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/08 14:02:22 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\MS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/05 11:22:56 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/05 11:12:34 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk
[2014/04/03 22:57:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job.bak
[2014/04/03 15:22:46 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\putty.exe.lnk
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/01 02:59:08 | 000,000,237 | ---- | M] () -- C:\Boot.bak
[2014/04/01 02:37:06 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2014/04/01 00:32:30 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/31 22:04:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/31 10:25:40 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/31 03:42:08 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\Mathematica.lnk
[2014/03/31 03:34:00 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/31 01:28:02 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\pub_store.dat
[2014/03/31 01:21:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/03/31 01:10:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/03/31 00:00:12 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2014/03/30 23:59:40 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\xlhcc.dat
[2014/03/30 21:09:42 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scientific WorkPlace 5.0.lnk
[2014/03/30 14:23:16 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/30 14:23:16 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/30 13:27:04 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 00:13:23 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/04/18 16:27:28 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\wxMacMolPlt.lnk
[2014/04/17 01:12:38 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Zotero Standalone.lnk
[2014/04/17 01:12:38 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zotero Standalone.lnk
[2014/04/05 22:28:57 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/05 22:28:56 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/05 22:28:13 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 22:28:13 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 11:12:32 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk
[2014/04/03 15:22:44 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MS\Desktop\putty.exe.lnk
[2014/04/01 11:35:02 | 000,000,237 | ---- | C] () -- C:\Boot.bak
[2014/04/01 11:35:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/04/01 11:33:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/01 11:33:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/01 11:33:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/01 11:33:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/01 11:33:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/04/01 10:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\MS\Local Settings\Application Data\PUTTY.RND
[2014/03/31 22:06:05 | 001,498,134 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3157420313-386968922-1484442023-1003-0.dat
[2014/03/31 22:05:59 | 000,266,066 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/03/31 17:03:14 | 000,018,747 | ---- | C] () -- C:\WINDOWS\System32\hpceac06.hpi
[2014/03/31 10:29:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/03/31 10:29:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/03/31 10:25:39 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/31 10:25:39 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/03/31 03:15:58 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/31 01:49:32 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/31 01:28:03 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2014/03/31 01:28:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\xlhcc.dat
[2014/03/31 01:28:01 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2014/03/31 01:14:58 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2014/03/31 01:14:58 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2014/03/31 01:14:58 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2014/03/31 01:14:58 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2014/03/31 01:14:58 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2014/03/31 01:14:58 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2014/03/31 01:14:58 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2014/03/31 01:14:58 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2014/03/31 01:14:57 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2014/03/31 01:14:57 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2014/03/31 01:14:57 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2014/03/31 01:14:57 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2014/03/31 01:14:57 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2014/03/31 01:14:57 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2014/03/31 01:14:57 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2014/03/31 01:14:57 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2014/03/31 01:14:57 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2014/03/31 01:14:57 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2014/03/31 01:14:57 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2014/03/31 01:14:57 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2014/03/31 01:14:57 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2014/03/31 01:14:57 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2014/03/31 01:14:57 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2014/03/31 01:14:57 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2014/03/31 01:14:57 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2014/03/31 01:14:57 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2014/03/31 01:14:57 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2014/03/31 01:14:57 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2014/03/31 01:14:57 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2014/03/31 01:14:57 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2014/03/31 01:14:57 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2014/03/31 01:14:57 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2014/03/31 01:14:57 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2014/03/31 01:14:57 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2014/03/31 01:14:57 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2014/03/31 01:14:57 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2014/03/31 01:14:57 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2014/03/31 01:14:57 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2014/03/31 01:14:57 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2014/03/31 01:14:57 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2014/03/31 01:14:57 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2014/03/31 01:14:57 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2014/03/31 01:14:57 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2014/03/31 01:14:56 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2014/03/31 01:14:56 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2014/03/31 01:14:56 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2014/03/31 01:14:56 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2014/03/31 01:14:56 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2014/03/31 01:14:56 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2014/03/31 01:14:56 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2014/03/31 01:14:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2014/03/31 01:14:56 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2014/03/31 01:14:56 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2014/03/31 01:14:56 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2014/03/31 01:14:56 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2014/03/31 01:14:56 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2014/03/31 01:14:56 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2014/03/31 01:14:56 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2014/03/31 01:14:56 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2014/03/31 01:14:56 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2014/03/31 01:14:56 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2014/03/31 01:14:56 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2014/03/31 01:14:56 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2014/03/31 01:14:56 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2014/03/31 01:14:56 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2014/03/31 01:14:56 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2014/03/31 01:14:56 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2014/03/31 01:14:55 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2014/03/31 01:14:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2014/03/31 01:14:55 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2014/03/31 01:14:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2014/03/31 01:14:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2014/03/31 01:14:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2014/03/31 01:14:55 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2014/03/31 01:14:55 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2014/03/31 01:14:55 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2014/03/31 01:14:55 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2014/03/31 01:14:55 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2014/03/31 01:14:55 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2014/03/31 01:14:55 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2014/03/31 01:11:07 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2014/03/31 01:11:06 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2014/03/31 01:11:06 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2014/03/31 00:49:16 | 2103,750,656 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/30 21:09:38 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scientific WorkPlace 5.0.lnk
[2014/03/30 16:25:45 | 000,012,762 | ---- | C] () -- C:\Documents and Settings\MS\_viminfo
[2014/03/30 14:23:14 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/30 14:10:32 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\coreavc.ini
[2014/03/30 13:27:16 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/30 13:27:15 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/03/30 13:27:15 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/30 13:27:03 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk
[2008/08/27 03:18:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\MS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 02:42:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\MS\PUTTY.RND
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/08/27 01:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/08/27 03:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2008/08/27 01:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Lenovo
[2014/03/31 01:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Wise Disk Cleaner
[2014/03/30 13:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Actual Tools
[2014/03/30 14:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\baiduAddr
[2014/03/31 10:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Thunderbird
[2014/04/09 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Design Science
[2014/04/17 01:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Zotero
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 07:58:52 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 11:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 05:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 17:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 10:02:48 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 05:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 07:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 17:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 17:17:42 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 06:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 00:14:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2013/09/20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: SERVICES  >
[2004/08/04 12:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 05:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2006/11/21 22:23:06 | 000,001,506 | ---- | M] () MD5=820AAE879D7C1D24CA9F7D34EBD0D9D2 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2008/08/27 03:01:26 | 000,000,505 | R--- | M] () MD5=D8F3C478C5ACF68EB0C28AFAD626B990 -- C:\cygwin\etc\services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 12:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 01:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
 
< MD5 for: SERVICES.SBS-20110301.CAB  >
[2014/03/30 13:31:14 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab
 
< MD5 for: SERVICES.VIM  >
[2008/08/09 10:32:08 | 000,000,459 | ---- | M] () MD5=193ED9B27B25456FBE50E6111B8E6770 -- C:\Program Files\Vim\vim72\ftplugin\services.vim
[2008/08/09 10:32:48 | 000,001,865 | ---- | M] () MD5=A17575F0BA54E8FB1148DDFC2361D776 -- C:\Program Files\Vim\vim72\syntax\services.vim
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >
 

 

Extras.TXT

OTL Extras logfile created on: 4/20/2014 10:41:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\software\security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 65.38% Memory free
3.81 Gb Paging File | 3.31 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.04 Gb Total Space | 3.10 Gb Free Space | 16.30% Space Free | Partition Type: FAT32
Drive D: | 46.56 Gb Total Space | 9.59 Gb Free Space | 20.59% Space Free | Partition Type: FAT32
 
Computer Name: X6X8-15CE047435 | User Name: MS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3157420313-386968922-1484442023-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\cygwin\usr\X11R6\bin\XWin.exe" = C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe" = C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder -- (Thunder Networking Technologies,LTD)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Documents and Settings\MS\Local Settings\Temp\nsh7.tmp\QvodDownLite.exe" = C:\Documents and Settings\MS\Local Settings\Temp\nsh7.tmp\QvodDownLite.exe:*:Enabled:LibTerminal4.0
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodPlayer -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\QvodPlayer\QvodPlayer.exe" = C:\Program Files\QvodPlayer\QvodPlayer.exe:*:Enabled:快播 -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe:*:Enabled:Mathematica 5.2 -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe:*:Enabled:Mathematica 5.2 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe" = C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe:*:Enabled:math.exe -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0C5ACB7F-72BF-4524-9884-C1C1DFF18E3F}" = OriginPro70
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{5B77D34E-E264-4507-ABCE-6B02D1F8515E}" = Mathematica 5.2
"{5CCCC35B-FDD2-4396-80B3-403D0D573DB4}" = wxMacMolPlt
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6E016C56-820F-4B2D-A36F-34CCADF90C16}" = Belkin USB Wireless Adaptor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{881EA2C2-265F-4BAC-92FD-9314BB94820F}" = Intel® PRO Network Connections 12.0.41.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DA6B13CF-A177-42DF-B416-A1EFDD8E7693}" = Scientific WorkPlace 5.0
"{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}" = Wolfram Notebook Indexer 1.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AwayTask" = 维护管理器
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DSMT6" = MathType 6
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{5B77D34E-E264-4507-ABCE-6B02D1F8515E}" = Mathematica 5.2
"InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}" = Belkin USB Wireless Adaptor
"jjime" = 卸载加加输入法5.2
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Media Player - Codec Pack" = Media Player Codec Pack 2.2.0
"MESOL" = Intel® Active Management Technology Device Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"QvodPlayer" = 快播 5.12.139
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"thunder_is1" = 迅雷5
"TrackPoint" = ThinkPad TrackPoint Driver
"Vim 7.2" = Vim 7.2 (self-installing)
"VisualFortran50" = Visual Fortran 5.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.7
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 8.04
"Zotero Standalone 4.0.19 (x86 en-US)" = Zotero Standalone 4.0.19 (x86 en-US)
"一键GHOST_v8.3_Build_060428" = 一键GHOST v8.3 Build 060428
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/18/2014 7:54:01 PM | Computer Name = X6X8-15CE047435 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 4/18/2014 7:56:20 PM | Computer Name = X6X8-15CE047435 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 4/19/2014 1:05:44 AM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.14.64.104, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
 
Error - 4/19/2014 1:05:50 AM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.14.64.104, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
 
Error - 4/19/2014 3:47:09 PM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1000
Description = Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe,
 version 3.3.10.2, fault address 0x00020060.
 
Error - 4/19/2014 3:47:34 PM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1000
Description = Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe,
 version 3.3.10.2, fault address 0x0001fcbe.
 
Error - 4/19/2014 3:47:39 PM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1001
Description = Fault bucket 43996360.
 
Error - 4/19/2014 3:48:34 PM | Computer Name = X6X8-15CE047435 | Source = Application Error | ID = 1000
Description = Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe,
 version 3.3.10.2, fault address 0x0001fcbe.
 
Error - 4/19/2014 4:02:05 PM | Computer Name = X6X8-15CE047435 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 4/19/2014 4:17:48 PM | Computer Name = X6X8-15CE047435 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
[ System Events ]
Error - 3/31/2014 4:43:10 AM | Computer Name = X6X8-15CE047435 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.  
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spybot - Search
 & Destroy 2\ssleay32.dll.  Reference error message: The operation completed successfully.
.
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.  
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spybot - Search
 & Destroy 2\libeay32.dll.  Reference error message: The operation completed successfully.
.
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.  
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 3/31/2014 4:43:12 AM | Computer Name = X6X8-15CE047435 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spybot - Search
 & Destroy 2\libssl32.dll.  Reference error message: The operation completed successfully.
.
 
 
< End of report >
 



#14 nasdaq

  • Malware Response Team

Posted 20 April 2014 - 12:39 PM


Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aon02uz9)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
CHR - plugin: Error reading preferences file
O4 - HKLM..\Run: []  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Let me know if the problem persists.

#15 bsmile

bsmile
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:56 PM

Posted 20 April 2014 - 05:31 PM

I followed your advice to do the fix with OTL, and it turned out to be a disaster! OTL did remove several services. Then after the restart, the network connection folder was gone and all the network connections failed. I checked that the drivers for both my wired and wireless network are alright, but the network connection folder was missing. The relevant error messages are:

When I go to Start -> Control Panel -> Network Connections -> (error message)

"The network connections folder was unable to retrieve the list of network adapters on your machine

please make sure that the network connections service is enabled and running."

I looked online for this error message and found a fix in the following link

http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/how-do-i-fix-network-connections-foldernetwork/58601954-61f7-40c5-a226-e571b6ccd61d

and followed the steps to start the "network connections" service (which was not started), but then it complained with the following error message:

"Could not start the network connections service on local computer

Error 1053: The service did not respond to the start or control request in a timely fashion."

I looked online again and found the following link

http://support.microsoft.com/kb/839174

where I was directed to play with the service pack for the Microsoft .NET Framework 1.1. As I really don't know whether I have messed up with this thing, I come back for your suggestion again.

I don't know what OTL has done and deleted. I would say the former status of my computer was actually quite normal except for the failure to restart by combofix. I doubt there exists very bad malware or virus on the machine. You might take that into consideration when you try another round of advice on fixing.

Thanks again for your help
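An added example, not part of either post above and not OTL's own code: a small Python parser that inventories which services, drivers and NetSvcs entries a pasted fix script names, and lists `reg export` commands for the matching keys so their state can be saved before the fix is run. The sample lines are a constructed subset of the script in post #14; the function names and output file names are hypothetical, and it is an assumption that each SRV/DRV entry corresponds to the same-named key under `Services`.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the fix-script lines posted in this thread.
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O4 - HKLM..\Run: []  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
"""

# "<SRV|DRV> - <status> [<flags>] -- <path, may be empty> -- (<name>)"
SVC_RE = re.compile(r"^(SRV|DRV) - .*?\[(.*?)\] -- (.*?) -- \((.+)\)\s*$")
# "NetSvcs: <name> - <path, may be empty> File not found"
NETSVCS_RE = re.compile(r"^NetSvcs: (\S+) - (.*?)\s*File not found\s*$")
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"
SVCHOST_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"

def inventory(script):
    """Group fix-script lines by the kind of object they name."""
    found = defaultdict(list)
    for line in (l.strip() for l in script.splitlines()):
        if not line or line.startswith(":"):      # skip blanks and the :OTL directive
            continue
        m = SVC_RE.match(line)
        if m:
            kind = "service" if m.group(1) == "SRV" else "driver"
            flags = [f.strip() for f in m.group(2).split("|")]
            found[kind].append({"name": m.group(4), "flags": flags,
                                "path": m.group(3).strip() or None})
            continue
        m = NETSVCS_RE.match(line)
        if m:
            found["netsvcs"].append({"name": m.group(1),
                                     "path": m.group(2).strip() or None})
            continue
        found["other"].append(line)               # IE/O4/O20 etc.: review by hand
    return dict(found)

def backup_commands(inv):
    """reg export commands for the keys the named entries are assumed to map to."""
    names = sorted({e["name"] for k in ("service", "driver") for e in inv.get(k, [])})
    cmds = ['reg export "%s\\%s" "svc_%s.reg"' % (SERVICES_KEY, n, n) for n in names]
    if inv.get("netsvcs"):                        # netsvcs group list lives under Svchost
        cmds.append('reg export "%s" "svchost.reg"' % SVCHOST_KEY)
    return cmds
```
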





