how to remove WMPSCFGS.EXE virus/Trojan agent [Closed]


  • This topic is locked

#1
chuikingman

    New Member

  • Member
  • 3 posts
Hi,

I found the WMPSCFGS.EXE virus/Trojan.agent in Win XP Home Edition.

I followed the link

But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found.

How can I remove it?

Please advise.

Edited by Rorschach112, 23 February 2010 - 06:02 AM.


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
http://www.geekstogo...uide-t2852.html

#3
chuikingman

    New Member

  • Topic Starter
  • Member
  • 3 posts
Attached File  Extras.Txt   43.27KB   211 downloads

http://www.geekstogo...uide-t2852.html


I post the log in here.

The virus/trojan is still present after rebooting the computer.
Please advise.


Edited by chuikingman, 23 February 2010 - 07:53 AM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post them, not attach them, please?

#5
chuikingman

    New Member

  • Topic Starter
  • Member
  • 3 posts

Can you post them, not attach them, please?


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-23 21:02:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHUIKI~4.CHU\LOCALS~1\Temp\kwayrpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs				   symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Ntfs \Ntfs				   amon.sys (Amon monitor/Eset )
AttachedDevice  \FileSystem\Ntfs \Ntfs				   naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat				 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Fastfat \Fat				 amon.sys (Amon monitor/Eset )
AttachedDevice  \FileSystem\Fastfat \Fat				 naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip				 mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp				mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp				mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp			  mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

---- EOF - GMER 1.0.15 ----

OTL Extras logfile created on: 2/23/2010 9:04:53 PM - Run 1
OTL by OldTimer - Version 3.1.30.1	 Folder = F:\download_from_web\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
31.00 Gb Paging File | 30.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.39 Gb Total Space | 4.40 Gb Free Space | 9.28% Space Free | Partition Type: NTFS
Drive D: | 18.55 Gb Total Space | 5.34 Gb Free Space | 28.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 19.92 Gb Free Space | 4.28% Space Free | Partition Type: NTFS
Drive G: | 10.74 Gb Total Space | 7.36 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHUI-0BECB5BAFA
Current User Name: Chui King Man
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Program Files\Tencent\QQ\Bin\QQ.exe" = C:\Program Files\Tencent\QQ\Bin\QQ.exe:*:Enabled:QQ2009 -- (Tencent)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:¢FFFFFGgTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Program Files\Java\jre6\bin\java.exe" = D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\WINDOWS\system32\mhd.exe" = C:\WINDOWS\system32\mhd.exe:*:Enabled:ENABLE -- File not found
"C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\rkgako.exe" = C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\rkgako.exe:*:Enabled:ENABLE -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 騰訊QQ2009
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}" = Windows Live 登入小幫手
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}" = Nero 8
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.5
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9465CD4C-1CE3-47EB-896C-C17C02BEA48C}" = Windows Live Call
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9816C292-7420-4E69-8FFB-B1F48A4A2773}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1028-0000-7760-000000000004}" = Adobe Acrobat Pro 9 - ChineseT
"{AC76BA86-1028-0000-7760-000000000004}{AC76BA86-1028-0000-7760-000000000004}" = Adobe Acrobat Pro 9 - ChineseT
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE156750-B9B5-4063-84F7-22FF638AF350}" = Windows Live Messenger
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE0C7DCD-49ED-4B4D-A81D-C97A523E6964}" = TaiXing HandWriting System V3.0
"{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}" = ActivePerl 5.6.1 Build 638
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{DE7ED7D4-B603-4678-8CFD-09BD55C2A736}" = Windows Live 程式集
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.35 Professinal Edition
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BackUp Maker_is1" = BackUp Maker v6.0
"BeyondCompare3_is1" = Beyond Compare Version 3.0.15
"CCleaner" = CCleaner (remove only)
"Dr.eye8.1_is1" = Dr.eye8.1
"ExamDiff_is1" = ExamDiff 1.8 (Build 1.8.0.4)
"Greatis Reanimator_is1" = RegRun Reanimator
"HijackThis" = HijackThis 2.0.2
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"IMSpellchecker XP_is1" = IMSpellchecker XP v2.3
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NOD32" = NOD32防病毒系统
"Novatel_V20107Installer" = Novatel driver package GenericDriverv2.01.07.
"PDFCreator Toolbar" = PDFCreator Toolbar
"Sierra Wireless AirCards" = Sierra Wireless AirCards
"SMSERIAL" = TP-LINK TM-IP5600 56K Modem
"SpeedConnect Internet Accelerator v.7.5_is1" = SpeedConnect Internet Accelerator v.7.5
"Spell Magic" = Spell Magic
"Startup Delayer" = Startup Delayer 2.0.4
"Switch" = Switch Sound File Converter
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VMware_Workstation" = VMware Workstation
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live 程式集
"WinMend File Copy_is1" = WinMend File Copy 1.3.1
"WinRAR archiver" = WinRAR archiver
"WinUtilities" = WinUtilities 8.00
"金山快译2009_is1" = 金山快译2009
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1202660629-1770027372-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/22/2010 9:10:23 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file D:\System Volume Information\_restore{C96D9F58-692E-4F88-AC3A-8C9A2BFBF5C2}\RP6\A0006218.EXE
 is infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantine
 failed. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:27 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.7 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:28 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.4 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:28 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.6 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:32 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.1 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:33 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.3 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/22/2010 9:10:38 AM | Computer Name = CHUI-0BECB5BAFA | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\QUARANTINE\A0006218.EXE.Vir.8 is
 infected with the Generic Malware.bc Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5627.(from CHUI-0BECB5BAFA
 IP 192.168.2.100 user CHUI-0BECB5BAFA running VirusScan Enter 8.0 OAS)
 
Error - 2/23/2010 3:13:17 AM | Computer Name = CHUI-0BECB5BAFA | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly.	Please review event 5019
 or 5051 for details.  The McShield service will be restarted in 5 seconds;
 
Error - 2/23/2010 5:07:15 AM | Computer Name = CHUI-0BECB5BAFA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/23/2010 7:41:07 AM | Computer Name = CHUI-0BECB5BAFA | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly.	Please review event 5019
 or 5051 for details.  The McShield service will be restarted in 5 seconds;
 
[ System Events ]
Error - 1/6/2010 5:41:44 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 1/6/2010 5:45:09 AM | Computer Name = CHUI-0BECB5BAFA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 1/6/2010 5:45:52 AM | Computer Name = CHUI-0BECB5BAFA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 1/6/2010 5:47:55 AM | Computer Name = CHUI-0BECB5BAFA | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{CF8AEBF7-083E-4F1F-8B25-1E4840372CFA}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 1/6/2010 5:48:32 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error:   %%126
 
Error - 1/6/2010 6:46:55 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 1/6/2010 7:20:20 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error:   %%126
 
Error - 1/6/2010 7:51:13 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 1/6/2010 7:55:44 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error:   %%126
 
Error - 1/6/2010 8:08:41 AM | Computer Name = CHUI-0BECB5BAFA | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error:   %%126
 
 
< End of report >

Malwarebytes' Anti-Malware 1.44
Database version: 3779
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2010 8:52:09 PM
mbam-log-2010-02-23 (20-52-09).txt

Scan type: Quick Scan
Objects scanned: 302967
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\program files\imspellcheckerxp\imspellchecker.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\temp\ctv433.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\program files\imspellcheckerxp\imspellchecker.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\temp\ctv433.exe (Malware.Packer.Gen) -> Delete on reboot.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

OTL logfile created on: 2/23/2010 9:04:53 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = F:\download_from_web\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
31.00 Gb Paging File | 30.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.39 Gb Total Space | 4.40 Gb Free Space | 9.28% Space Free | Partition Type: NTFS
Drive D: | 18.55 Gb Total Space | 5.34 Gb Free Space | 28.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 19.92 Gb Free Space | 4.28% Space Free | Partition Type: NTFS
Drive G: | 10.74 Gb Total Space | 7.36 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHUI-0BECB5BAFA
Current User Name: Chui King Man
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/23 21:04:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\download_from_web\OTL\OTL.exe
PRC - [2010/02/23 20:38:08 | 000,040,960 | ---- | M] () -- C:\Program Files\r2 Studios\Startup Delayer\startup launcher gui.exe
PRC - [2010/02/16 10:30:34 | 000,565,760 | ---- | M] (CBS Software) -- C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
PRC - [2010/02/15 15:14:36 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/11/22 16:45:34 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009/11/22 16:45:34 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 16:44:40 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr .exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/05 23:20:16 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/11/03 02:46:06 | 000,485,120 | ---- | M] (InteractiveGT) -- c:\Program Files\IMSpellcheckerXP\imspellchecker .exe
PRC - [2008/04/14 20:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/02/10 17:32:00 | 002,122,240 | ---- | M] (Alcoda Software) -- C:\Program Files\Alcoda\Spell Magic\SpellMagic.exe
PRC - [2006/04/09 21:24:10 | 002,695,263 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2006/04/09 21:23:58 | 000,036,964 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2006/04/09 21:23:54 | 000,110,691 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2004/08/06 03:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 21:04:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\download_from_web\OTL\OTL.exe
MOD - [2009/06/20 17:08:16 | 000,344,064 | ---- | M] (InteractiveGT) -- c:\Program Files\IMSpellcheckerXP\implantate.dll
MOD - [2008/04/14 20:00:00 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2001/02/07 02:17:02 | 000,364,607 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/06 19:46:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/22 16:45:34 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/14 05:42:36 | 000,073,796 | ---- | M] (Smart Link) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 09:51:46 | 000,853,288 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/04/09 21:23:58 | 000,036,964 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2006/04/09 21:23:54 | 000,110,691 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\S-1-5-21-1202660629-1770027372-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/02/23 20:53:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (½ðɽ¿ìÒë(&K)) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FASTAIT 2009\addins\IEBand.dll (Copyright © Kingsoft Corporation Limited. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_Reader] c:\Program Files\Internet Explorer\wmpscfgs.exe ()
O4 - HKLM..\Run: [IMSpellchecker XP] c:\Program Files\IMSpellcheckerXP\imspellchecker .exe ()
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe ()
O4 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003..\Run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr .exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
O4 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Start Menu\Programs\Startup\SpeedConnect Internet Accelerator.lnk = C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
O4 - Startup: C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Start Menu\Programs\Startup\Spell Magic.lnk = C:\Program Files\Alcoda\Spell Magic\SpellMagic.exe (Alcoda Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1202660629-1770027372-1177238915-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: 轉換為 Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 附加至現有 PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 附加連結目標至現有 PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O24 - Desktop WallPaper: C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/24 21:11:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/30 10:10:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (57142813296427008)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/23 20:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 20:19:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 17:43:13 | 000,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/02/23 17:41:26 | 000,035,040 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/02/23 17:41:23 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/02/23 17:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\RegRun2
[2010/02/23 17:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\FreeFixer
[2010/02/23 17:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\FreeFixer
[2010/02/23 15:01:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/23 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/02/23 09:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/23 08:52:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/21 19:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\kingsoft
[2010/02/21 19:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kingsoft
[2010/02/21 19:55:34 | 000,200,704 | ---- | C] (Copyright © Kingsoft Corporation Limited. All rights reserved.) -- C:\WINDOWS\System32\kime.ime
[2010/02/21 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\ASCOMP Software
[2010/02/21 17:36:35 | 001,242,552 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/02/21 17:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Symantec
[2010/02/21 17:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\Symantec_Corporation
[2010/02/21 16:47:39 | 000,015,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\vproeventmonitor.sys
[2010/02/21 16:47:36 | 000,038,112 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\v2imount.sys
[2010/02/21 16:47:30 | 000,136,416 | ---- | C] (StorageCraft) -- C:\WINDOWS\System32\drivers\symsnap.sys
[2010/02/21 16:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
[2010/02/21 16:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2010/02/18 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2010/02/18 18:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\InteractiveGT
[2010/02/18 18:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InteractiveGT
[2010/02/18 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\IMSpellcheckerXP
[2010/02/16 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/15 15:24:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/15 15:24:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/15 15:24:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/15 15:24:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/15 11:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2010/02/15 10:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Scooter Software
[2010/02/15 09:18:32 | 000,000,000 | ---D | C] -- C:\ARFP
[2010/02/14 17:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\New Folder
[2010/02/14 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend
[2010/02/14 13:01:25 | 000,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmusb.sys
[2010/02/14 10:54:05 | 000,059,952 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetinst.dll
[2010/02/14 10:54:05 | 000,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2010/02/14 10:54:00 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2010/02/14 10:53:59 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2010/02/14 10:53:58 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2010/02/14 10:53:49 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2010/02/14 10:53:42 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2010/02/14 10:53:25 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2010/02/14 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/02/14 10:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
[2010/02/14 10:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2007/12/24 21:14:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/24 21:14:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/12/24 21:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/24 21:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/23 21:00:34 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/02/23 20:59:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/02/23 20:59:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/02/23 20:59:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/02/23 20:55:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 20:54:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/23 20:54:19 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 20:53:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/23 20:53:07 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\NTUSER.DAT
[2010/02/23 20:53:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\ntuser.ini
[2010/02/23 20:52:56 | 009,130,602 | -H-- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\IconCache.db
[2010/02/23 20:19:30 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/23 17:57:23 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/02/23 17:43:13 | 000,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/02/23 17:41:26 | 000,035,040 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/02/23 17:39:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 17:39:12 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/02/23 17:39:12 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/02/23 17:38:46 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\Reanimator.lnk
[2010/02/23 17:03:17 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/02/23 14:42:04 | 000,191,488 | ---- | M] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del
[2010/02/23 14:01:24 | 000,000,055 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/23 13:46:53 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\_WDYSZYG.sys
[2010/02/23 13:41:20 | 000,000,231 | ---- | M] () -- C:\WINDOWS\imspellchecker .INI
[2010/02/23 09:04:29 | 000,000,294 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 18:58:18 | 000,118,575 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\debugfs_err.JPG
[2010/02/21 20:07:54 | 000,088,408 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 20:03:26 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 18:21:51 | 000,107,069 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3c.JPG
[2010/02/21 18:19:58 | 000,108,633 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3b.JPG
[2010/02/21 18:19:32 | 000,115,805 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3a.JPG
[2010/02/21 18:16:53 | 000,107,420 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3.JPG
[2010/02/21 17:49:35 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IrfanView.lnk
[2010/02/21 17:43:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\MagicISO.lnk
[2010/02/21 17:36:36 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\BackUp Maker.lnk
[2010/02/21 11:23:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 18:28:43 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\Recruit-Application%20for%20CAI%20Employment[1].doc
[2010/02/19 18:22:43 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Start Menu\Programs\Startup\Spell Magic.lnk
[2010/02/18 18:51:22 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\IMSpellchecker XP.lnk
[2010/02/18 18:25:11 | 000,106,872 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err2.JPG
[2010/02/18 18:24:31 | 000,105,030 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err1.JPG
[2010/02/17 21:10:30 | 000,109,750 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err.JPG
[2010/02/16 21:30:02 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\PUTTY.RND
[2010/02/16 18:06:01 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume32gem_sms.doc
[2010/02/16 10:57:44 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2010/02/16 10:28:47 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\SpeedConnect Internet Accelerator.lnk
[2010/02/16 10:08:02 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\Startup Delayer.lnk
[2010/02/15 11:01:25 | 000,057,856 | -H-- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\rkgako.exe
[2010/02/15 11:00:29 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Beyond Compare 3.lnk
[2010/02/15 09:37:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/14 17:01:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\WinMend File Copy.lnk
[2010/02/14 10:53:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/02/14 10:53:08 | 000,461,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/14 10:53:08 | 000,396,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/14 10:53:08 | 000,060,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/14 10:53:05 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VMware Workstation.lnk
[2010/02/13 16:17:11 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume6k_acc_gem.doc
[2010/02/13 16:16:46 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume40gem_sms.doc
[2010/02/13 16:16:36 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume38gem_sms.doc
[2010/02/13 16:16:28 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume36gem_sms.doc
[2010/02/13 16:16:19 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume35gem_sms.doc
[2010/02/13 16:16:09 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume34gem_sms.doc
[2010/02/13 16:15:57 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume33gem_sms.doc
[2010/02/13 16:15:48 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume31gem_sms.doc
[2010/02/13 11:37:09 | 000,006,092 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\15035638_13-02-2010 11-37.htm
[2010/02/10 20:02:13 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\resume5.5k_acc_gem.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 20:19:30 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/02/23 18:43:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/02/23 18:43:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/02/23 18:43:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/02/23 18:43:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/02/23 18:43:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/02/23 18:43:16 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/02/23 18:43:16 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/02/23 18:43:16 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/02/23 18:43:16 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/02/23 18:43:16 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/02/23 18:43:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/02/23 17:39:12 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/02/23 17:38:46 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\Reanimator.lnk
[2010/02/23 17:22:10 | 2079,903,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/23 14:42:04 | 000,191,488 | ---- | C] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del
[2010/02/23 14:01:24 | 000,000,055 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/23 13:41:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\imspellchecker .INI
[2010/02/22 18:58:18 | 000,118,575 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\debugfs_err.JPG
[2010/02/21 19:55:34 | 001,637,294 | ---- | C] () -- C:\WINDOWS\System32\WILDCARD.DIC
[2010/02/21 19:55:34 | 000,201,921 | ---- | C] () -- C:\WINDOWS\System32\kime.chm
[2010/02/21 19:55:34 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\WILDCARD.IDX
[2010/02/21 18:21:51 | 000,107,069 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3c.JPG
[2010/02/21 18:19:58 | 000,108,633 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3b.JPG
[2010/02/21 18:19:32 | 000,115,805 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3a.JPG
[2010/02/21 18:16:53 | 000,107,420 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err3.JPG
[2010/02/21 17:49:35 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IrfanView.lnk
[2010/02/21 17:43:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\MagicISO.lnk
[2010/02/21 17:36:36 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\BackUp Maker.lnk
[2010/02/19 17:10:59 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\Recruit-Application%20for%20CAI%20Employment[1].doc
[2010/02/18 18:51:22 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\IMSpellchecker XP.lnk
[2010/02/18 18:49:24 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Start Menu\Programs\Startup\Spell Magic.lnk
[2010/02/18 18:25:11 | 000,106,872 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err2.JPG
[2010/02/18 18:24:31 | 000,105,030 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err1.JPG
[2010/02/17 21:10:30 | 000,109,750 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\fsck_err.JPG
[2010/02/16 10:57:44 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2010/02/16 10:08:02 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\Startup Delayer.lnk
[2010/02/15 15:24:17 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/15 15:24:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/15 15:24:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/15 15:24:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/15 15:24:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/15 11:01:30 | 000,057,856 | -H-- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\rkgako.exe
[2010/02/15 11:00:29 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Beyond Compare 3.lnk
[2010/02/15 09:28:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/14 17:01:28 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\WinMend File Copy.lnk
[2010/02/14 10:53:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/02/14 10:53:05 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VMware Workstation.lnk
[2010/02/13 11:37:09 | 000,006,092 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Desktop\15035638_13-02-2010 11-37.htm
[2010/01/10 17:04:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Dreye20.ini
[2010/01/10 16:50:24 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\drwss.dll
[2010/01/10 16:50:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBW.dll
[2010/01/10 16:50:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBU.dll
[2010/01/10 16:50:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Text32.dll
[2010/01/10 16:50:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DictInfo.dll
[2010/01/10 16:50:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ITToolTip.dll
[2010/01/10 16:50:23 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\LevelApi.dll
[2010/01/10 16:50:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\DreyeSkinCtrls80U.dll
[2010/01/10 16:50:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\AddToNote.dll
[2010/01/10 16:50:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ClientProc.dll
[2010/01/10 16:50:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DreyeMT.dll
[2010/01/10 16:50:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\exeProc.dll
[2010/01/02 11:50:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\_WDYSZYG.sys
[2009/12/12 15:14:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/08 18:57:10 | 000,003,216 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/12/08 18:49:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009/12/08 18:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009/12/08 18:49:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009/12/08 18:49:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009/12/08 18:49:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009/12/08 18:49:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009/12/08 18:49:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009/12/08 18:49:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009/12/08 18:49:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009/12/06 14:53:48 | 000,011,244 | ---- | C] () -- C:\WINDOWS\System32\drivers\Keyboard.sys
[2009/11/23 19:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/11/22 16:46:34 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009/11/12 19:41:32 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 21:19:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/09/01 21:19:52 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/22 18:29:14 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Local Settings\Application Data\PUTTY.RND
[2009/06/03 20:43:46 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/05/30 11:29:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/05/30 11:28:28 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/05/30 11:28:12 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/05/30 10:56:54 | 000,000,476 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/22 14:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2006/04/09 21:24:28 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2006/04/09 21:24:24 | 000,106,593 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2004/05/13 10:33:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/03/06 20:17:30 | 000,004,881 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/25 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/12/11 20:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
[2009/11/07 20:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2010/02/18 18:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InteractiveGT
[2010/02/21 19:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kingsoft
[2009/12/13 10:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/05/30 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
[2009/10/03 22:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2010/01/15 20:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\r2 Studios
[2009/09/09 23:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anyone.CHUI-0BECB5BAFA\Application Data\Birdstep Technology
[2010/02/21 11:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anyone.CHUI-0BECB5BAFA\Application Data\InteractiveGT
[2009/09/12 23:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anyone.CHUI-0BECB5BAFA\Application Data\Tencent
[2009/08/15 00:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anyone.CHUI-0BECB5BAFA\Application Data\Transcend
[2009/05/27 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.1691DFF79AE74E8\Application Data\MSNInstaller
[2009/05/27 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.1691DFF79AE74E8\Application Data\Transcend
[2010/02/21 17:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\ASCOMP Software
[2010/02/15 11:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Azureus
[2009/11/07 20:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Canneverbe_Limited
[2010/02/23 17:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\FreeFixer
[2010/02/18 18:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\InteractiveGT
[2010/01/10 17:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Inventec
[2010/02/21 19:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\kingsoft
[2009/05/30 10:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\MSNInstaller
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\NCH Swift Sound
[2010/01/15 20:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\r2 Studios
[2010/02/15 10:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Scooter Software
[2010/01/03 19:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Spell Check Anywhere
[2009/08/23 13:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Tencent
[2010/01/03 18:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\tinySpell
[2009/05/30 10:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\Transcend
[2009/12/11 20:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\Application Data\uTorrent
[2008/09/20 15:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui King Man.CHUI-3UTC9GROS0\Application Data\Transcend
[2008/11/01 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui king man.CHUI-D951A0B89A\Application Data\MSNInstaller
[2008/12/06 18:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chui king man.CHUI-D951A0B89A\Application Data\Transcend
[2008/10/19 18:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chuikingman\Application Data\Transcend
[2009/05/28 11:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chuikingman.NA-5RZ44E392N4J\Application Data\Transcend
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/02/23 20:59:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/02/23 20:59:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/02/23 20:59:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/02/23 20:59:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/02/23 21:00:34 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/02/23 20:59:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/02/23 20:59:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/11 20:28:48 | 266,174,464 | ---- | M] ( ) -- C:\Acrobat Pro 9.EXE
[2008/10/01 08:09:48 | 000,000,000 | RHS- | M] () -- C:\aikaicfqk.exe
[2008/10/18 18:14:35 | 000,000,000 | RHS- | M] () -- C:\bidybpnga.exe
[2008/10/01 08:12:23 | 000,000,000 | RHS- | M] () -- C:\cjsmmznxz.exe
[2008/10/01 08:08:58 | 000,109,568 | RHS- | M] () -- C:\cthvbvkuh.exe
[2008/10/01 08:09:05 | 000,000,000 | RHS- | M] () -- C:\cyatltrxp.exe
[2008/10/01 08:12:41 | 000,109,568 | RHS- | M] () -- C:\dcypjwqzf.exe
[2008/10/01 08:11:21 | 000,000,000 | RHS- | M] () -- C:\eqcmhqghk.exe
[2008/10/18 19:45:18 | 000,000,000 | RHS- | M] () -- C:\fdshgaqef.exe
[2008/10/01 08:14:13 | 000,000,000 | RHS- | M] () -- C:\fomltbxgi.exe
[2008/09/30 20:53:49 | 000,000,000 | RHS- | M] () -- C:\hqrxbbfus.exe
[2008/10/01 08:13:06 | 000,000,000 | RHS- | M] () -- C:\igbicoaka.exe
[2008/10/01 08:16:47 | 000,000,000 | RHS- | M] () -- C:\jwwfcdxep.exe
[2008/10/01 08:14:50 | 000,000,000 | RHS- | M] () -- C:\lcixpowxo.exe
[2008/09/30 20:54:13 | 000,000,000 | RHS- | M] () -- C:\lfijcrpmb.exe
[2008/10/01 08:12:53 | 000,000,000 | RHS- | M] () -- C:\lfkkusnxd.exe
[2008/10/01 08:13:24 | 000,000,000 | RHS- | M] () -- C:\meeempvau.exe
[2008/09/30 20:53:55 | 000,000,000 | RHS- | M] () -- C:\mwcymqxph.exe
[2008/09/30 20:54:07 | 000,000,000 | RHS- | M] () -- C:\orgqjcyql.exe
[2008/10/18 19:11:19 | 000,000,000 | RHS- | M] () -- C:\ovsbyweru.exe
[2008/10/01 08:15:15 | 000,000,000 | RHS- | M] () -- C:\pgmqqngiq.exe
[2008/10/01 08:12:04 | 000,000,000 | RHS- | M] () -- C:\pliqcftgn.exe
[2008/10/01 08:10:44 | 000,000,000 | RHS- | M] () -- C:\qhmvazjwr.exe
[2008/10/18 18:14:23 | 000,000,000 | RHS- | M] () -- C:\qnsfqxikn.exe
[2008/10/18 18:13:33 | 000,000,000 | RHS- | M] () -- C:\qyjqtqdsp.exe
[2008/09/30 20:54:50 | 000,000,000 | RHS- | M] () -- C:\sknvydocg.exe
[2008/09/30 20:35:46 | 000,000,000 | RHS- | M] () -- C:\uvegytmwd.exe
[2008/10/18 20:52:31 | 000,000,000 | RHS- | M] () -- C:\wmgtiiley.exe
[2008/10/01 08:15:33 | 000,000,000 | RHS- | M] () -- C:\zqrufcblx.exe


< MD5 for: AGP440.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/04/13 19:28:48 | 000,032,874 | ---- | M] () MD5=16D34E1EC42956262AA217352EC90597 -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 20:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 20:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2008/01/19 19:35:16 | 000,039,760 | ---- | M] (LSI Logic) MD5=16F7EAF6C18A57AED6088EA2CBAF5AE9 -- C:\Program Files\Norton Ghost\Agent\VirtualDrivers\lsilogic.scsi\2000\symmpi.sys
[2008/01/19 19:35:16 | 000,089,088 | ---- | M] (LSI Logic) MD5=228432AC5786FAFF3232096235553904 -- C:\Program Files\Norton Ghost\Agent\VirtualDrivers\lsilogic.scsi\2003\i386\symmpi.sys
[2008/01/19 19:35:16 | 000,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\Program Files\Norton Ghost\Agent\VirtualDrivers\lsilogic.scsi\XP\i386\symmpi.sys
[2008/01/19 19:35:16 | 000,095,744 | ---- | M] (LSI Logic) MD5=AFBCB782CD62405A2F7E64279067E40E -- C:\Program Files\Norton Ghost\Agent\VirtualDrivers\lsilogic.scsi\2003\amd64\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 20:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/05/30 17:55:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/05/30 17:55:57 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/05/30 17:55:57 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2010/02/21 19:55:14 | 000,000,609 | ---- | M] ()(C:\Documents and Settings\All Users.WINDOWS\Desktop\金山快?2009 ??版.lnk) -- C:\Documents and Settings\All Users.WINDOWS\Desktop\金山快译2009 专业版.lnk
[2010/02/21 19:55:14 | 000,000,609 | ---- | C] ()(C:\Documents and Settings\All Users.WINDOWS\Desktop\金山快?2009 ??版.lnk) -- C:\Documents and Settings\All Users.WINDOWS\Desktop\金山快译2009 专业版.lnk
[2009/05/14 16:22:50 | 001,706,037 | ---- | C] ()(C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\3B203机?盒070724.pdf) -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\3B203机顶盒070724.pdf
[2009/05/14 16:22:46 | 003,296,658 | ---- | C] ()(C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\2B201 RollingStream系?原理R234_071011.pdf) -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\2B201 RollingStream系统原理R234_071011.pdf
[2009/04/16 22:01:00 | 001,706,037 | ---- | M] ()(C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\3B203机?盒070724.pdf) -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\3B203机顶盒070724.pdf
[2009/04/16 21:59:32 | 003,296,658 | ---- | M] ()(C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\2B201 RollingStream系?原理R234_071011.pdf) -- C:\Documents and Settings\Chui King Man.CHUI-0BECB5BAFA\My Documents\2B201 RollingStream系统原理R234_071011.pdf
[2009/02/15 15:39:15 | 000,000,000 | ---D | M](C:\Program Files\正宗???入法) -- C:\Program Files\正宗笔画输入法
[2009/02/15 15:39:15 | 000,000,000 | ---D | M](C:\Program Files\正宗???入法) -- C:\Program Files\正宗笔画输入法
[2009/02/07 17:53:52 | 000,000,000 | ---D | M](C:\Program Files\Oy×U±E?-EaEe·‥) -- C:\Program Files\Õý×ڱʻ­ÊäÈë·¨
[2009/02/07 17:53:52 | 000,000,000 | ---D | M](C:\Program Files\Oy×U±E?-EaEe·‥) -- C:\Program Files\Õý×ڱʻ­ÊäÈë·¨
(C:\Program Files\正宗???入法) -- C:\Program Files\正宗笔画输入法
(C:\Program Files\Oy×U±E?-EaEe·‥) -- C:\Program Files\Õý×ڱʻ­ÊäÈë·¨
< End of report >

Edited by Rorschach112, 24 February 2010 - 06:01 AM.


#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Where else have you posted for help?

Edited by Rorschach112, 25 February 2010 - 06:53 PM.


#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.