Try to run OTC problem


#1
Zackliu

Hi all,

As a newbie, I'm following the guidelines at the top.
However, OTC does not run on my computer; it says 'psapi.dll not found'.
What should I do then?

Zack

#2
Zackliu

After running Malwarebytes Anti-virus, the OTC can finally be initiated. Here is the report. Is my computer clean now?

OTL logfile created on: 2011-1-6 10:53:06 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\zhenhui\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.25 Gb Total Space | 2.52 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
Drive E: | 48.43 Gb Total Space | 4.12 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
Drive F: | 124.21 Gb Total Space | 14.34 Gb Free Space | 11.54% Space Free | Partition Type: NTFS
Drive K: | 5.00 Gb Total Space | 4.94 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive L: | 1.84 Gb Total Space | 1.47 Gb Free Space | 79.89% Space Free | Partition Type: FAT
Drive M: | 30.00 Gb Total Space | 23.70 Gb Free Space | 79.02% Space Free | Partition Type: FAT
Drive N: | 20.00 Gb Total Space | 17.14 Gb Free Space | 85.70% Space Free | Partition Type: FAT
Drive Z: | 1366.48 Gb Total Space | 380.46 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: IIMT-ZHENHUI | User Name: zhenhui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-01-06 10:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zhenhui\My Documents\Downloads\OTL.exe
PRC - [2011-01-05 10:11:43 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2011-01-05 10:10:37 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2011-01-05 10:10:37 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2011-01-05 10:10:01 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2010-12-20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-12-17 09:30:23 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-12-17 09:30:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-12-14 16:28:32 | 002,122,576 | ---- | M] (Softland) -- C:\Program Files\Softland\FBackup 4\fbaSched.exe
PRC - [2010-10-16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\temp\SysinternalsSuite\procexp.exe
PRC - [2010-03-26 10:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2010-03-26 10:09:30 | 000,129,712 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2010-03-26 10:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSM32.EXE
PRC - [2010-03-26 10:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2010-03-26 10:09:20 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSHDLL32.EXE
PRC - [2010-03-26 10:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2010-03-22 17:08:46 | 005,156,940 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\AClient\ACLIENT.EXE
PRC - [2010-03-10 21:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009-12-21 12:50:31 | 000,184,320 | ---- | M] () -- C:\Program Files\Altiris\AClient\AClntUsr.EXE
PRC - [2009-02-27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008-04-14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 13:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008-04-14 13:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2008-01-14 19:42:02 | 000,694,040 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2008-01-14 12:24:46 | 000,283,136 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2005-08-04 20:55:54 | 000,504,832 | ---- | M] (Kingsoft Co, Ltd.) -- F:\Tools\PowerWord 2006\xdict.exe
PRC - [2004-08-22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2002-04-21 18:36:34 | 000,053,248 | ---- | M] (Flyingstar Software Studio) -- F:\Tools\桌面文字透明工具\TransDesktop.exe


========== Modules (SafeList) ==========

MOD - [2011-01-06 10:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zhenhui\My Documents\Downloads\OTL.exe
MOD - [2010-08-23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-12-23 14:28:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-12-23 14:28:15 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009-12-23 14:28:13 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
MOD - [2009-12-23 14:28:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
MOD - [2008-04-14 13:00:00 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\riched20.dll
MOD - [2008-04-14 13:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008-04-14 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008-01-14 12:24:48 | 000,057,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2007-05-21 15:47:44 | 001,521,240 | ---- | M] (Thomson ResearchSoft) -- C:\Program Files\Common Files\Thomson ResearchSoft\Cwyw\EndNote Cwyw.dll
MOD - [2002-04-16 22:01:54 | 000,032,768 | ---- | M] () -- F:\Tools\桌面文字透明工具\TransDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\TrueGrid\LM\tglm.exe -- (TrueGrid License Manager)
SRV - [2011-01-05 10:10:01 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010-10-16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-07-22 16:16:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-26 10:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2010-03-26 10:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2010-03-26 10:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2010-03-22 17:08:46 | 005,156,940 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2010-01-22 09:17:47 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008-02-10 08:31:02 | 001,326,232 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007-11-07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\temp\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2011-01-05 16:43:06 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2011-01-05 15:40:29 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011-01-05 10:13:57 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-07-23 09:54:52 | 000,012,544 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbic2k.sys -- (Reader_Device)
DRV - [2010-07-23 09:54:52 | 000,009,728 | ---- | M] (OEM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IC2KENUM.SYS -- (ft2kEnum)
DRV - [2010-07-23 09:54:42 | 000,012,800 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Chip_smc.sys -- (GDBaseSmc)
DRV - [2010-03-26 10:07:04 | 000,039,856 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2010-03-26 10:07:04 | 000,025,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2010-01-14 14:32:39 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2008-11-26 23:37:42 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008-08-14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008-06-05 10:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008-04-14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 22:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-02-06 17:39:32 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006-12-06 12:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006-10-12 09:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-09-24 13:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
DRV - [2006-09-24 13:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2006-04-25 17:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2001-08-17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://innsida.ntnu.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://innsida.ntnu.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/403"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.18
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.9
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=403&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-02 14:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-05 10:18:05 | 000,000,000 | ---D | M]

[2010-12-21 12:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Extensions
[2011-01-05 10:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions
[2010-04-30 12:34:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-01-02 14:36:52 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010-11-11 09:07:01 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2011-01-02 14:36:54 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2009-12-29 14:27:06 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010-12-08 17:17:41 | 000,000,000 | ---D | M] (omploader) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-12-23 09:49:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-10-11 08:30:27 | 000,000,000 | ---D | M] (SinaFox) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-10-28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\searchplugins\SearchquWebSearch.xml
[2011-01-05 10:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-23 08:44:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-05 07:06:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-26 13:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-04-23 08:44:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-03-14 15:30:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-03-14 15:30:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010-03-14 15:30:49 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010-10-28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010-03-14 15:30:49 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008-04-14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BOC ProcessProtect Class) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\WINDOWS\system32\ProcessProtection.dll (www.ISRA.org.cn)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TransDesktop] F:\Tools\桌面文字透明工具\TransDesktop.exe (Flyingstar Software Studio)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [FBackup Scheduler] C:\Program Files\Softland\FBackup 4\fbaSched.exe (Softland)
O4 - HKCU..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe File not found
O4 - HKCU..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe (VoipDiscount)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\temp\SysinternalsSuite\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk = C:\temp\SysinternalsSuite\Tcpview.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1200
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: bankofchina.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([vip.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.ali...401/aliedit.cab (EditCtrl Class)
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} http://securitycheck...Security_cn.cab (ICBC Security Ctrl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1236937579218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {A72B8CD1-7B63-4B08-8B40-F4B81DD0A7E7} https://masstransit-...s/webclient.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.241.0.200 129.241.0.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ivt.ntnu.no
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - E:\Entertain\Pic\Haichen\Desktop\1.jpeg
O24 - Desktop Components:1 () - E:\Entertain\Pic\Haichen\Desktop\2.jpeg
O24 - Desktop Components:2 () - E:\Entertain\Pic\Haichen\Desktop\5.jpeg
O24 - Desktop Components:3 () - E:\Entertain\Pic\Haichen\Desktop\4.jpeg
O24 - Desktop Components:4 () - E:\Entertain\Pic\Haichen\Desktop\3.jpeg
O24 - Desktop Components:5 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-10-25 14:31:08 | 000,000,023 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-06 10:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Malwarebytes
[2011-01-06 10:17:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-01-06 10:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-06 10:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-01-06 10:17:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-01-06 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-05 10:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\F-Secure Client Security
[2011-01-05 10:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2011-01-04 11:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2011-01-04 11:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FBackup 4
[2011-01-04 11:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011-01-04 11:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Softland
[2011-01-04 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VoipDiscount
[2011-01-04 10:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
[2011-01-04 10:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\VoipBuster
[2011-01-03 21:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Standalone System Sweeper
[2011-01-03 10:00:52 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011-01-03 10:00:49 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011-01-03 10:00:24 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011-01-03 10:00:20 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011-01-03 10:00:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011-01-03 09:59:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011-01-03 09:59:50 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011-01-03 09:59:33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011-01-03 09:59:17 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011-01-03 09:59:15 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011-01-03 09:59:12 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011-01-03 09:59:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011-01-03 09:58:59 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011-01-03 09:58:56 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011-01-03 09:58:53 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011-01-03 09:58:40 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011-01-03 09:58:28 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011-01-03 09:58:25 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011-01-03 09:58:22 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011-01-03 09:58:16 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011-01-03 09:58:00 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011-01-03 09:57:49 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011-01-03 09:57:46 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011-01-03 09:57:26 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011-01-03 09:57:23 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011-01-03 09:57:21 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011-01-03 09:57:18 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011-01-03 09:57:15 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011-01-03 09:57:12 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011-01-03 09:56:43 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011-01-03 09:56:39 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011-01-03 09:56:36 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011-01-03 09:56:35 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011-01-03 09:56:31 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011-01-03 09:56:28 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011-01-03 09:56:16 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011-01-03 09:56:13 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011-01-03 09:55:47 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011-01-03 09:55:45 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011-01-03 09:55:42 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011-01-03 09:55:39 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011-01-03 09:55:33 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011-01-03 09:54:42 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011-01-03 09:54:38 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011-01-03 09:54:35 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011-01-03 09:54:32 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011-01-03 09:54:30 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011-01-03 09:53:57 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011-01-03 09:53:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011-01-03 09:53:53 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011-01-03 09:53:47 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011-01-03 09:53:25 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011-01-03 09:53:22 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011-01-03 09:53:20 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011-01-03 09:53:18 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011-01-03 09:52:57 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011-01-03 09:52:52 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011-01-03 09:52:50 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011-01-03 09:52:38 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011-01-03 09:52:35 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011-01-03 09:52:33 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011-01-03 09:52:31 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011-01-03 09:52:28 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011-01-03 09:52:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011-01-03 09:52:24 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011-01-03 09:52:21 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011-01-03 09:52:19 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011-01-03 09:52:13 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011-01-03 09:52:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011-01-03 09:52:08 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011-01-03 09:52:07 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011-01-03 09:51:55 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011-01-03 09:51:50 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011-01-03 09:51:46 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011-01-03 09:51:42 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011-01-03 09:51:18 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011-01-03 09:51:16 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011-01-03 09:51:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011-01-03 09:50:59 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011-01-03 09:50:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011-01-03 09:50:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011-01-03 09:50:07 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011-01-03 09:49:57 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011-01-03 09:49:53 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011-01-03 09:49:51 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011-01-03 09:49:19 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011-01-03 09:49:17 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011-01-03 09:49:15 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011-01-03 09:49:12 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011-01-03 09:48:53 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011-01-03 09:48:41 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011-01-03 09:48:39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011-01-03 09:48:31 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011-01-03 09:48:23 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011-01-03 09:48:21 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011-01-03 09:48:13 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011-01-03 09:48:11 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011-01-03 09:48:09 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011-01-03 09:48:06 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011-01-03 09:48:04 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011-01-03 09:48:02 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011-01-03 09:47:55 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011-01-03 09:47:53 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011-01-03 09:47:51 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011-01-03 09:47:49 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011-01-03 09:47:47 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011-01-03 09:46:32 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011-01-03 09:46:15 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011-01-03 09:46:13 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011-01-03 09:46:12 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011-01-03 09:46:10 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011-01-03 09:46:10 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011-01-03 09:46:08 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011-01-03 09:45:59 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011-01-03 09:45:57 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011-01-03 09:45:55 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011-01-03 09:45:52 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011-01-03 09:45:49 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011-01-03 09:45:47 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011-01-03 09:44:55 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011-01-03 09:44:18 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011-01-03 09:42:58 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011-01-03 09:42:51 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011-01-03 09:42:26 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011-01-03 09:42:25 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011-01-03 09:42:23 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011-01-03 09:42:11 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011-01-03 09:41:51 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011-01-03 09:41:50 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011-01-03 09:41:44 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011-01-03 09:41:42 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011-01-03 09:41:40 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011-01-03 09:41:39 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011-01-03 09:41:24 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011-01-03 09:41:20 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011-01-03 09:41:19 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011-01-03 09:40:00 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011-01-03 09:39:54 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011-01-03 09:39:45 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011-01-03 09:39:43 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011-01-03 09:39:42 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011-01-03 09:39:39 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011-01-03 09:39:38 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011-01-03 09:39:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011-01-03 09:39:36 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011-01-03 09:39:34 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011-01-03 09:39:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011-01-03 09:39:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011-01-03 09:39:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011-01-03 09:38:49 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011-01-03 09:38:48 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011-01-03 09:38:48 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011-01-03 09:38:47 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011-01-03 09:38:46 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011-01-03 09:38:45 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011-01-03 09:38:44 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011-01-03 09:38:43 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011-01-03 09:38:37 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011-01-03 09:38:22 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011-01-03 09:38:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011-01-03 09:38:05 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011-01-03 09:38:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011-01-03 09:38:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011-01-03 09:38:04 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011-01-03 09:38:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011-01-03 09:38:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011-01-03 09:38:01 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011-01-03 09:38:00 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011-01-03 09:38:00 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011-01-03 09:37:58 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011-01-03 09:37:57 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011-01-03 09:37:21 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011-01-03 09:37:20 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011-01-03 09:37:20 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011-01-03 09:37:19 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011-01-03 09:37:19 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011-01-03 09:37:18 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011-01-03 09:37:18 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011-01-03 09:37:17 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011-01-03 09:37:15 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011-01-03 09:37:15 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011-01-03 09:37:15 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011-01-03 09:37:14 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011-01-03 09:37:13 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011-01-03 09:37:13 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011-01-03 09:37:12 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011-01-03 09:37:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011-01-03 09:37:12 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011-01-03 09:37:11 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011-01-03 09:37:08 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011-01-03 09:37:05 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011-01-03 09:37:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011-01-03 09:37:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011-01-03 09:37:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011-01-03 09:37:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011-01-03 09:37:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011-01-03 09:37:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011-01-03 09:36:28 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011-01-03 09:36:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011-01-03 09:36:08 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011-01-03 09:36:07 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011-01-03 09:36:06 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011-01-03 09:36:05 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011-01-03 09:36:05 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011-01-03 09:36:03 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011-01-03 09:36:00 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011-01-03 09:36:00 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011-01-03 09:35:58 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011-01-03 09:35:57 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011-01-03 09:35:57 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011-01-02 15:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011-01-02 15:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-01-02 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-01-02 14:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011-01-02 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-12-21 13:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tecplot 360 2010
[2010-12-21 13:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tecplot
[2010-12-21 13:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\Downloaded Installations
[2010-12-21 12:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2010-12-21 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\icons
[2010-12-19 21:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\My Documents\SweetScape
[2010-12-19 21:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\010 Editor
[2010-12-19 21:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\010 Editor v3
[2010-12-19 21:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\010 Editor v3
[2010-12-19 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Start Menu\Programs\Notepad++
[2010-12-19 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2010-12-19 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010-12-19 21:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Notepad++
[2010-12-19 20:36:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-12-15 16:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010-12-15 16:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\Xenocode
[2010-12-15 16:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFArea
[2010-12-15 16:28:31 | 002,254,768 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.v12.1.1.ocx
[2010-12-15 16:28:31 | 000,559,024 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.v12.1.1.ocx
[2010-12-15 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFArea
[2010-12-07 14:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\mIRC
[2010-12-07 13:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImageMagick 6.6.6 Q16
[2010-12-07 13:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.6.6-Q16
[2009-12-22 12:25:50 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009-12-22 12:25:50 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[64 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-06 10:50:59 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\byjyenaj.sys
[2011-01-06 10:49:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42393342-0E75-483F-A8FD-783ED390B69B}.job
[2011-01-06 10:35:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2011-01-06 10:34:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\yutwlhd.sys
[2011-01-06 10:17:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-06 01:39:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011-01-05 18:00:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\fba_Phd-thesis Backup.job
[2011-01-05 17:45:54 | 029,065,357 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\integrated.opj
[2011-01-05 16:43:06 | 000,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2011-01-05 16:00:03 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2011-01-05 10:13:57 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011-01-05 10:13:50 | 000,516,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-01-05 10:13:50 | 000,098,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-01-05 10:10:44 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2011-01-05 10:10:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-05 10:09:51 | 000,003,050 | ---- | M] () -- C:\aclient.cfg
[2011-01-05 10:09:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-04 12:38:52 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk
[2011-01-04 12:37:53 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2011-01-04 12:12:57 | 179,835,504 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\bakupreg.reg
[2011-01-04 12:07:44 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\TaskManager_Reset.reg
[2011-01-04 11:54:08 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011-01-04 10:10:03 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\VoipDiscount.lnk
[2011-01-03 10:07:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-01-03 09:50:22 | 000,001,172 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011-01-02 17:27:10 | 002,291,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-02 16:31:42 | 000,047,859 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\img_35862.jpg
[2011-01-02 16:31:42 | 000,009,665 | ---- | M] () -- C:\Documents and Settings\zhenhui\.recently-used.xbel
[2011-01-02 16:30:37 | 000,466,726 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\img_3586.jpg
[2011-01-02 15:03:00 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-01-02 14:54:38 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-01-01 16:23:37 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MATLAB R2007a.lnk
[2010-12-30 22:56:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-12-30 21:43:04 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\tecplot.phy
[2010-12-29 11:41:25 | 000,059,454 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\Report-CentervsFrame.pdf
[2010-12-28 12:48:35 | 000,011,318 | ---- | M] () -- C:\Documents and Settings\zhenhui\gsview32.ini
[2010-12-26 17:23:42 | 001,380,723 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Arockiasamy (1984) Semisubmersible response to transient ice forces.pdf
[2010-12-26 13:40:41 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure SSH Client.lnk
[2010-12-26 12:34:40 | 000,518,809 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\sdarticle.pdf
[2010-12-24 10:01:50 | 000,086,118 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\merry.png
[2010-12-23 22:28:48 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure SSH File Transfer.lnk
[2010-12-23 17:25:53 | 000,007,228 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\test
[2010-12-23 09:42:40 | 000,003,630 | RHS- | M] () -- C:\Documents and Settings\zhenhui\ntuser.pol
[2010-12-23 03:01:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-22 19:50:39 | 000,018,952 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-12-21 13:06:24 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tecplot 360 2010.lnk
[2010-12-21 12:03:55 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Popular ScreenSavers.lnk
[2010-12-21 12:03:55 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Paltalk.lnk
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-20 17:25:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-12-20 17:25:19 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-19 18:12:43 | 000,000,218 | -HS- | M] () -- C:\boot.ini
[2010-12-15 17:52:35 | 000,023,452 | ---- | M] () -- C:\bar.emf
[2010-12-10 15:12:39 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Template_Paper_POAC11.doc
[2010-12-08 19:14:34 | 000,000,041 | ---- | M] () -- C:\AClient.dat
[2010-12-08 17:28:02 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\Database2.accdb
[2010-12-07 13:15:15 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\ImageMagick Display.lnk
[2010-12-07 11:54:55 | 001,830,692 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle2.pdf
[2010-12-07 11:54:16 | 000,327,212 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle.pdf
[64 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-06 10:50:59 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\byjyenaj.sys
[2011-01-06 10:34:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\yutwlhd.sys
[2011-01-06 10:17:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-05 17:45:50 | 029,065,357 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\integrated.opj
[2011-01-05 10:13:51 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011-01-05 10:07:10 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011-01-04 13:10:01 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\fba_Phd-thesis Backup.job
[2011-01-04 12:38:52 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk
[2011-01-04 12:37:53 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2011-01-04 12:08:41 | 179,835,504 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\bakupreg.reg
[2011-01-04 12:07:43 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\TaskManager_Reset.reg
[2011-01-04 11:54:08 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011-01-04 10:10:03 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\VoipDiscount.lnk
[2011-01-03 10:00:49 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011-01-03 10:00:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011-01-03 09:50:53 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011-01-03 09:50:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011-01-03 09:47:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011-01-03 09:42:56 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011-01-03 09:42:52 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011-01-03 09:42:49 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011-01-03 09:42:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011-01-03 09:42:42 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011-01-03 09:39:41 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011-01-03 09:39:40 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011-01-03 09:39:40 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011-01-03 09:36:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011-01-03 09:36:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011-01-03 09:36:51 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011-01-03 09:36:49 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011-01-03 09:36:48 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011-01-03 09:36:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011-01-03 09:36:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011-01-03 09:36:47 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011-01-03 09:36:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011-01-03 09:36:39 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011-01-02 16:31:42 | 000,009,665 | ---- | C] () -- C:\Documents and Settings\zhenhui\.recently-used.xbel
[2011-01-02 16:31:41 | 000,047,859 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\img_35862.jpg
[2011-01-02 16:30:37 | 000,466,726 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\img_3586.jpg
[2011-01-02 15:03:00 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-01-02 14:54:38 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010-12-29 11:41:25 | 000,059,454 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\Report-CentervsFrame.pdf
[2010-12-26 17:23:39 | 001,380,723 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Arockiasamy (1984) Semisubmersible response to transient ice forces.pdf
[2010-12-24 10:01:50 | 000,086,118 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\merry.png
[2010-12-23 17:25:25 | 000,007,228 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\test
[2010-12-21 13:06:24 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tecplot 360 2010.lnk
[2010-12-21 12:03:55 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Popular ScreenSavers.lnk
[2010-12-21 12:03:55 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Paltalk.lnk
[2010-12-10 15:12:39 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Template_Paper_POAC11.doc
[2010-12-08 17:27:53 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\Database2.accdb
[2010-12-07 13:15:15 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\ImageMagick Display.lnk
[2010-12-07 11:54:49 | 001,830,692 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle2.pdf
[2010-12-07 11:54:14 | 000,327,212 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle.pdf
[2010-09-24 07:50:50 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\Rim.Desktop.Exception.log
[2010-09-08 16:20:59 | 001,380,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-08-18 09:41:52 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\WDS30_Migrate_Shortcuts.ini
[2010-08-11 10:47:48 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\Rim.Desktop.HttpServerSetup.log
[2010-07-23 09:54:52 | 000,019,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\eps2kt1.sys
[2010-07-23 09:54:52 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\ft2kco.dll
[2010-07-23 09:54:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\Chip_usb.sys
[2010-07-23 09:54:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ChipCo.dll
[2010-07-23 09:43:39 | 000,389,175 | ---- | C] () -- C:\WINDOWS\System32\RsaFun.dll
[2010-07-23 09:43:39 | 000,282,734 | ---- | C] () -- C:\WINDOWS\System32\NPCard.dll
[2010-07-23 09:43:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUK.dll
[2010-07-23 09:43:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUKLCD.dll
[2010-07-23 09:43:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jcutilTdrUKLCD.dll
[2010-07-23 09:43:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UnblkPIN.dll
[2010-07-23 09:43:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\jcinTHTFUK.dll
[2010-07-23 09:43:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinpublic.dll
[2010-07-23 09:43:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinHUAUK.dll
[2010-07-23 09:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcutilgem101101.dll
[2010-07-23 09:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM101.dll
[2010-07-23 09:43:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jcinGD84.dll
[2010-07-23 09:43:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcinWATCHK.dll
[2010-07-23 09:43:38 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM102.dll
[2010-07-23 09:43:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jcidTHTFUK.dll
[2010-07-23 09:43:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jcidHUAUK.dll
[2010-07-23 09:43:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM101.dll
[2010-07-23 09:43:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGD84.dll
[2010-07-23 09:43:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcidWATCHK.dll
[2010-07-23 09:43:37 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM102.dll
[2010-07-23 09:43:36 | 000,262,208 | ---- | C] () -- C:\WINDOWS\System32\GPKPCSC.dll
[2010-07-23 09:43:36 | 000,241,758 | ---- | C] () -- C:\WINDOWS\System32\GPKPIN.dll
[2010-07-23 09:43:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\GdApi.dll
[2010-07-23 09:43:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CEA_Crypt.dll
[2010-07-23 09:43:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hmukchk.dll
[2010-07-23 09:43:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ChangPIN.dll
[2010-07-23 09:43:36 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\GEMPIN01.dll
[2010-07-15 09:22:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010-04-16 17:40:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PDF Password Remover.INI
[2010-03-17 14:06:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-04 15:31:09 | 000,000,064 | ---- | C] () -- C:\WINDOWS\manager.INI
[2010-01-22 10:39:02 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\gnuplot_history
[2010-01-20 14:09:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\PUTTY.RND
[2010-01-15 12:45:02 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\pdg2.dll
[2010-01-14 11:45:23 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-31 10:31:47 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\promtAcroTrans.log
[2009-12-29 14:23:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009-12-22 15:01:40 | 000,000,027 | ---- | C] () -- C:\WINDOWS\AdvConfig.ini
[2009-12-22 11:13:55 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2009-12-21 23:10:39 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009-12-21 15:11:08 | 000,000,654 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-30 13:31:39 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2009-05-08 11:06:56 | 000,584,192 | ---- | C] () -- C:\WINDOWS\System32\ssapi.dll
[2009-03-13 13:51:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-03-13 04:50:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007-01-04 17:15:52 | 000,315,920 | ---- | C] () -- C:\WINDOWS\patchbld.dll
[2007-01-04 17:15:40 | 000,170,512 | ---- | C] () -- C:\WINDOWS\PATCHW32.DLL
[2004-08-22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== LOP Check ==========

[2010-01-22 09:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-07-15 12:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011-01-05 10:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009-12-21 15:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010-08-04 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010-01-14 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2010-01-28 09:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010-08-11 10:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011-01-04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010-03-10 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperStar
[2011-01-05 18:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-01-05 10:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2009-12-21 15:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-04-09 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-01-05 10:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010-04-16 17:00:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\zhenhui\Application Data\.#
[2010-01-22 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Autodesk
[2011-01-03 09:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\BITS
[2010-08-12 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Blackberry Desktop
[2009-12-22 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Design Science
[2011-01-05 10:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\EndNote
[2010-12-27 00:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\F-Secure
[2009-12-22 10:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\F-Secure SSH
[2010-10-29 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FileZilla
[2009-12-29 14:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FlashGet
[2009-12-29 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO
[2011-01-02 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\gtk-2.0
[2010-01-13 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Helios
[2010-07-23 13:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\ICBC Security Ctrl
[2010-07-16 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\inkscape
[2009-12-22 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Kingsoft
[2009-12-28 09:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\LSTC
[2010-12-19 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Notepad++
[2009-12-31 10:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\PROject MT
[2010-09-24 07:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Research In Motion
[2011-01-06 09:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SGPPLog
[2011-01-04 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Softland
[2011-01-06 10:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouExplorer
[2011-01-06 10:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouPY
[2009-12-22 11:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouPY.users
[2010-01-20 14:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\StarNet
[2010-06-26 15:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\StreamTorrent
[2009-12-23 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Tencent
[2011-01-04 10:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipBuster
[2011-01-05 11:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipDiscount
[2010-03-29 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipZoom
[2010-03-25 10:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\webex
[2009-12-21 21:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Desktop Search
[2010-07-16 15:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Live Writer
[2009-12-28 11:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Search
[2009-12-22 11:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Xerox
[2011-01-05 18:00:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\fba_Phd-thesis Backup.job
[2011-01-06 01:39:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2011-01-05 16:00:03 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\SogouImeMgr.job
[2011-01-06 10:49:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{42393342-0E75-483F-A8FD-783ED390B69B}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010-06-30 14:46:39 | 000,041,773 | ---- | M] ()(C:\Documents and Settings\zhenhui\My Documents\L?nnsslipp.pdf) -- C:\Documents and Settings\zhenhui\My Documents\Lønnsslipp.pdf
[2010-06-30 14:46:39 | 000,041,773 | ---- | C] ()(C:\Documents and Settings\zhenhui\My Documents\L?nnsslipp.pdf) -- C:\Documents and Settings\zhenhui\My Documents\Lønnsslipp.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

< End of report >
  • 0

#3
Zackliu

    New Member

  • Topic Starter
  • Member
  • 2 posts
After running Malwarebytes Anti-virus, the OTC can finally be initiated. Here is the report. Is my computer clean now?

OTL logfile created on: 2011-1-6 10:53:06 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\zhenhui\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.25 Gb Total Space | 2.52 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
Drive E: | 48.43 Gb Total Space | 4.12 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
Drive F: | 124.21 Gb Total Space | 14.34 Gb Free Space | 11.54% Space Free | Partition Type: NTFS
Drive K: | 5.00 Gb Total Space | 4.94 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive L: | 1.84 Gb Total Space | 1.47 Gb Free Space | 79.89% Space Free | Partition Type: FAT
Drive M: | 30.00 Gb Total Space | 23.70 Gb Free Space | 79.02% Space Free | Partition Type: FAT
Drive N: | 20.00 Gb Total Space | 17.14 Gb Free Space | 85.70% Space Free | Partition Type: FAT
Drive Z: | 1366.48 Gb Total Space | 380.46 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: IIMT-ZHENHUI | User Name: zhenhui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-01-06 10:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zhenhui\My Documents\Downloads\OTL.exe
PRC - [2011-01-05 10:11:43 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2011-01-05 10:10:37 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2011-01-05 10:10:37 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2011-01-05 10:10:01 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2010-12-20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-12-17 09:30:23 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-12-17 09:30:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-12-14 16:28:32 | 002,122,576 | ---- | M] (Softland) -- C:\Program Files\Softland\FBackup 4\fbaSched.exe
PRC - [2010-10-16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\temp\SysinternalsSuite\procexp.exe
PRC - [2010-03-26 10:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2010-03-26 10:09:30 | 000,129,712 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2010-03-26 10:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSM32.EXE
PRC - [2010-03-26 10:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2010-03-26 10:09:20 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSHDLL32.EXE
PRC - [2010-03-26 10:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2010-03-22 17:08:46 | 005,156,940 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\AClient\ACLIENT.EXE
PRC - [2010-03-10 21:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009-12-21 12:50:31 | 000,184,320 | ---- | M] () -- C:\Program Files\Altiris\AClient\AClntUsr.EXE
PRC - [2009-02-27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008-04-14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 13:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008-04-14 13:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2008-01-14 19:42:02 | 000,694,040 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2008-01-14 12:24:46 | 000,283,136 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2005-08-04 20:55:54 | 000,504,832 | ---- | M] (Kingsoft Co, Ltd.) -- F:\Tools\PowerWord 2006\xdict.exe
PRC - [2004-08-22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2002-04-21 18:36:34 | 000,053,248 | ---- | M] (Flyingstar Software Studio) -- F:\Tools\桌面文字透明工具\TransDesktop.exe


========== Modules (SafeList) ==========

MOD - [2011-01-06 10:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zhenhui\My Documents\Downloads\OTL.exe
MOD - [2010-08-23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-12-23 14:28:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-12-23 14:28:15 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009-12-23 14:28:13 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
MOD - [2009-12-23 14:28:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
MOD - [2008-04-14 13:00:00 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\riched20.dll
MOD - [2008-04-14 13:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008-04-14 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008-01-14 12:24:48 | 000,057,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2007-05-21 15:47:44 | 001,521,240 | ---- | M] (Thomson ResearchSoft) -- C:\Program Files\Common Files\Thomson ResearchSoft\Cwyw\EndNote Cwyw.dll
MOD - [2002-04-16 22:01:54 | 000,032,768 | ---- | M] () -- F:\Tools\桌面文字透明工具\TransDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\TrueGrid\LM\tglm.exe -- (TrueGrid License Manager)
SRV - [2011-01-05 10:10:01 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010-10-16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-07-22 16:16:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-26 10:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2010-03-26 10:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2010-03-26 10:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2010-03-22 17:08:46 | 005,156,940 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2010-01-22 09:17:47 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008-02-10 08:31:02 | 001,326,232 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007-11-07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\temp\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - [2011-01-05 16:43:06 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2011-01-05 15:40:29 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011-01-05 10:13:57 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-07-23 09:54:52 | 000,012,544 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbic2k.sys -- (Reader_Device)
DRV - [2010-07-23 09:54:52 | 000,009,728 | ---- | M] (OEM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IC2KENUM.SYS -- (ft2kEnum)
DRV - [2010-07-23 09:54:42 | 000,012,800 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Chip_smc.sys -- (GDBaseSmc)
DRV - [2010-03-26 10:07:04 | 000,039,856 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2010-03-26 10:07:04 | 000,025,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2010-01-14 14:32:39 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2008-11-26 23:37:42 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008-08-14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008-06-05 10:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008-04-14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008-04-13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 22:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-02-06 17:39:32 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006-12-06 12:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006-10-12 09:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-09-24 13:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
DRV - [2006-09-24 13:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2006-04-25 17:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2001-08-17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://innsida.ntnu.no/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://innsida.ntnu.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/403"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.18
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.9
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=403&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-02 14:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-05 10:18:05 | 000,000,000 | ---D | M]

[2010-12-21 12:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Extensions
[2011-01-05 10:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions
[2010-04-30 12:34:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-01-02 14:36:52 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010-11-11 09:07:01 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2011-01-02 14:36:54 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2009-12-29 14:27:06 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010-12-08 17:17:41 | 000,000,000 | ---D | M] (omploader) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-12-23 09:49:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-10-11 08:30:27 | 000,000,000 | ---D | M] (SinaFox) -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\extensions\[email protected]
[2010-10-28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Profiles\10y1ecnu.default\searchplugins\SearchquWebSearch.xml
[2011-01-05 10:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-23 08:44:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-05 07:06:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-26 13:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-04-23 08:44:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-03-14 15:30:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-03-14 15:30:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010-03-14 15:30:49 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010-10-28 09:41:06 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010-03-14 15:30:49 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008-04-14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BOC ProcessProtect Class) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\WINDOWS\system32\ProcessProtection.dll (www.ISRA.org.cn)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TransDesktop] F:\Tools\桌面文字透明工具\TransDesktop.exe (Flyingstar Software Studio)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [FBackup Scheduler] C:\Program Files\Softland\FBackup 4\fbaSched.exe (Softland)
O4 - HKCU..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe File not found
O4 - HKCU..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe (VoipDiscount)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\temp\SysinternalsSuite\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk = C:\temp\SysinternalsSuite\Tcpview.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1200
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: bankofchina.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([vip.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.ali...401/aliedit.cab (EditCtrl Class)
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} http://securitycheck...Security_cn.cab (ICBC Security Ctrl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1236937579218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc....afeControls.cab (AxSubmitControl Class)
O16 - DPF: {A72B8CD1-7B63-4B08-8B40-F4B81DD0A7E7} https://masstransit-...s/webclient.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.241.0.200 129.241.0.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ivt.ntnu.no
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - E:\Entertain\Pic\Haichen\Desktop\1.jpeg
O24 - Desktop Components:1 () - E:\Entertain\Pic\Haichen\Desktop\2.jpeg
O24 - Desktop Components:2 () - E:\Entertain\Pic\Haichen\Desktop\5.jpeg
O24 - Desktop Components:3 () - E:\Entertain\Pic\Haichen\Desktop\4.jpeg
O24 - Desktop Components:4 () - E:\Entertain\Pic\Haichen\Desktop\3.jpeg
O24 - Desktop Components:5 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zhenhui\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-10-25 14:31:08 | 000,000,023 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-06 10:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Malwarebytes
[2011-01-06 10:17:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-01-06 10:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-06 10:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-01-06 10:17:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-01-06 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-05 10:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\F-Secure Client Security
[2011-01-05 10:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2011-01-04 11:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2011-01-04 11:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FBackup 4
[2011-01-04 11:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011-01-04 11:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Softland
[2011-01-04 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VoipDiscount
[2011-01-04 10:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
[2011-01-04 10:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\VoipBuster
[2011-01-03 21:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Standalone System Sweeper
[2011-01-03 10:00:52 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011-01-03 10:00:49 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011-01-03 10:00:24 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011-01-03 10:00:20 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011-01-03 10:00:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011-01-03 09:59:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011-01-03 09:59:50 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011-01-03 09:59:33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011-01-03 09:59:17 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011-01-03 09:59:15 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011-01-03 09:59:12 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011-01-03 09:59:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011-01-03 09:58:59 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011-01-03 09:58:56 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011-01-03 09:58:53 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011-01-03 09:58:40 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011-01-03 09:58:28 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011-01-03 09:58:25 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011-01-03 09:58:22 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011-01-03 09:58:16 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011-01-03 09:58:00 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011-01-03 09:57:49 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011-01-03 09:57:46 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011-01-03 09:57:26 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011-01-03 09:57:23 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011-01-03 09:57:21 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011-01-03 09:57:18 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011-01-03 09:57:15 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011-01-03 09:57:12 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011-01-03 09:56:43 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011-01-03 09:56:39 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011-01-03 09:56:36 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011-01-03 09:56:35 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011-01-03 09:56:31 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011-01-03 09:56:28 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011-01-03 09:56:16 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011-01-03 09:56:13 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011-01-03 09:55:47 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011-01-03 09:55:45 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011-01-03 09:55:42 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011-01-03 09:55:39 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011-01-03 09:55:33 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011-01-03 09:54:42 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011-01-03 09:54:38 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011-01-03 09:54:35 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011-01-03 09:54:32 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011-01-03 09:54:30 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011-01-03 09:53:57 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011-01-03 09:53:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011-01-03 09:53:53 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011-01-03 09:53:47 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011-01-03 09:53:25 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011-01-03 09:53:22 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011-01-03 09:53:20 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011-01-03 09:53:18 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011-01-03 09:52:57 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011-01-03 09:52:52 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011-01-03 09:52:50 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011-01-03 09:52:38 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011-01-03 09:52:35 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011-01-03 09:52:33 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011-01-03 09:52:31 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011-01-03 09:52:28 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011-01-03 09:52:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011-01-03 09:52:24 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011-01-03 09:52:21 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011-01-03 09:52:19 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011-01-03 09:52:13 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011-01-03 09:52:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011-01-03 09:52:08 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011-01-03 09:52:07 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011-01-03 09:51:55 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011-01-03 09:51:50 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011-01-03 09:51:46 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011-01-03 09:51:42 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011-01-03 09:51:18 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011-01-03 09:51:16 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011-01-03 09:51:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011-01-03 09:50:59 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011-01-03 09:50:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011-01-03 09:50:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011-01-03 09:50:07 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011-01-03 09:49:57 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011-01-03 09:49:53 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011-01-03 09:49:51 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011-01-03 09:49:19 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011-01-03 09:49:17 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011-01-03 09:49:15 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011-01-03 09:49:12 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011-01-03 09:48:53 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011-01-03 09:48:41 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011-01-03 09:48:39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011-01-03 09:48:31 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011-01-03 09:48:23 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011-01-03 09:48:21 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011-01-03 09:48:13 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011-01-03 09:48:11 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011-01-03 09:48:09 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011-01-03 09:48:06 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011-01-03 09:48:04 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011-01-03 09:48:02 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011-01-03 09:47:55 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011-01-03 09:47:53 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011-01-03 09:47:51 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011-01-03 09:47:49 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011-01-03 09:47:47 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011-01-03 09:46:32 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011-01-03 09:46:15 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011-01-03 09:46:13 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011-01-03 09:46:12 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011-01-03 09:46:10 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011-01-03 09:46:10 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011-01-03 09:46:08 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011-01-03 09:45:59 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011-01-03 09:45:57 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011-01-03 09:45:55 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011-01-03 09:45:52 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011-01-03 09:45:49 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011-01-03 09:45:47 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011-01-03 09:44:55 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011-01-03 09:44:18 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011-01-03 09:42:58 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011-01-03 09:42:51 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011-01-03 09:42:26 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011-01-03 09:42:25 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011-01-03 09:42:23 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011-01-03 09:42:11 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011-01-03 09:41:51 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011-01-03 09:41:50 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011-01-03 09:41:44 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011-01-03 09:41:42 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011-01-03 09:41:40 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011-01-03 09:41:39 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011-01-03 09:41:24 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011-01-03 09:41:20 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011-01-03 09:41:19 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011-01-03 09:40:00 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011-01-03 09:39:54 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011-01-03 09:39:45 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011-01-03 09:39:43 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011-01-03 09:39:42 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011-01-03 09:39:39 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011-01-03 09:39:38 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011-01-03 09:39:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011-01-03 09:39:36 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011-01-03 09:39:34 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011-01-03 09:39:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011-01-03 09:39:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011-01-03 09:39:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011-01-03 09:38:49 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011-01-03 09:38:48 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011-01-03 09:38:48 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011-01-03 09:38:47 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011-01-03 09:38:46 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011-01-03 09:38:45 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011-01-03 09:38:44 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011-01-03 09:38:43 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011-01-03 09:38:37 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011-01-03 09:38:22 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011-01-03 09:38:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011-01-03 09:38:05 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011-01-03 09:38:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011-01-03 09:38:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011-01-03 09:38:04 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011-01-03 09:38:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011-01-03 09:38:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011-01-03 09:38:01 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011-01-03 09:38:00 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011-01-03 09:38:00 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011-01-03 09:37:58 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011-01-03 09:37:57 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011-01-03 09:37:21 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011-01-03 09:37:20 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011-01-03 09:37:20 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011-01-03 09:37:19 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011-01-03 09:37:19 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011-01-03 09:37:18 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011-01-03 09:37:18 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011-01-03 09:37:17 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011-01-03 09:37:15 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011-01-03 09:37:15 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011-01-03 09:37:15 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011-01-03 09:37:14 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011-01-03 09:37:13 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011-01-03 09:37:13 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011-01-03 09:37:12 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011-01-03 09:37:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011-01-03 09:37:12 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011-01-03 09:37:11 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011-01-03 09:37:08 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011-01-03 09:37:05 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011-01-03 09:37:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011-01-03 09:37:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011-01-03 09:37:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011-01-03 09:37:03 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011-01-03 09:37:02 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011-01-03 09:37:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011-01-03 09:36:28 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011-01-03 09:36:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011-01-03 09:36:08 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011-01-03 09:36:07 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011-01-03 09:36:06 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011-01-03 09:36:05 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011-01-03 09:36:05 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011-01-03 09:36:03 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011-01-03 09:36:00 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011-01-03 09:36:00 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011-01-03 09:35:58 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011-01-03 09:35:57 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011-01-03 09:35:57 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011-01-02 15:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011-01-02 15:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-01-02 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-01-02 14:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011-01-02 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-12-21 13:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tecplot 360 2010
[2010-12-21 13:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tecplot
[2010-12-21 13:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\Downloaded Installations
[2010-12-21 12:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2010-12-21 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\icons
[2010-12-19 21:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\My Documents\SweetScape
[2010-12-19 21:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\010 Editor
[2010-12-19 21:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\010 Editor v3
[2010-12-19 21:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\010 Editor v3
[2010-12-19 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Start Menu\Programs\Notepad++
[2010-12-19 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2010-12-19 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010-12-19 21:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\Notepad++
[2010-12-19 20:36:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-12-15 16:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010-12-15 16:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\Xenocode
[2010-12-15 16:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFArea
[2010-12-15 16:28:31 | 002,254,768 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.v12.1.1.ocx
[2010-12-15 16:28:31 | 000,559,024 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.v12.1.1.ocx
[2010-12-15 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFArea
[2010-12-07 14:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zhenhui\Application Data\mIRC
[2010-12-07 13:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImageMagick 6.6.6 Q16
[2010-12-07 13:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.6.6-Q16
[2009-12-22 12:25:50 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009-12-22 12:25:50 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[64 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-06 10:50:59 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\byjyenaj.sys
[2011-01-06 10:49:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42393342-0E75-483F-A8FD-783ED390B69B}.job
[2011-01-06 10:35:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2011-01-06 10:34:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\yutwlhd.sys
[2011-01-06 10:17:14 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-06 01:39:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011-01-05 18:00:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\fba_Phd-thesis Backup.job
[2011-01-05 17:45:54 | 029,065,357 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\integrated.opj
[2011-01-05 16:43:06 | 000,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2011-01-05 16:00:03 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2011-01-05 10:13:57 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011-01-05 10:13:50 | 000,516,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-01-05 10:13:50 | 000,098,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-01-05 10:10:44 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2011-01-05 10:10:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-05 10:09:51 | 000,003,050 | ---- | M] () -- C:\aclient.cfg
[2011-01-05 10:09:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-04 12:38:52 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk
[2011-01-04 12:37:53 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2011-01-04 12:12:57 | 179,835,504 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\bakupreg.reg
[2011-01-04 12:07:44 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\TaskManager_Reset.reg
[2011-01-04 11:54:08 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011-01-04 10:10:03 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\VoipDiscount.lnk
[2011-01-03 10:07:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-01-03 09:50:22 | 000,001,172 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011-01-02 17:27:10 | 002,291,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-02 16:31:42 | 000,047,859 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\img_35862.jpg
[2011-01-02 16:31:42 | 000,009,665 | ---- | M] () -- C:\Documents and Settings\zhenhui\.recently-used.xbel
[2011-01-02 16:30:37 | 000,466,726 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\img_3586.jpg
[2011-01-02 15:03:00 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-01-02 14:54:38 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-01-01 16:23:37 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MATLAB R2007a.lnk
[2010-12-30 22:56:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-12-30 21:43:04 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\tecplot.phy
[2010-12-29 11:41:25 | 000,059,454 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\Report-CentervsFrame.pdf
[2010-12-28 12:48:35 | 000,011,318 | ---- | M] () -- C:\Documents and Settings\zhenhui\gsview32.ini
[2010-12-26 17:23:42 | 001,380,723 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Arockiasamy (1984) Semisubmersible response to transient ice forces.pdf
[2010-12-26 13:40:41 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure SSH Client.lnk
[2010-12-26 12:34:40 | 000,518,809 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\sdarticle.pdf
[2010-12-24 10:01:50 | 000,086,118 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\merry.png
[2010-12-23 22:28:48 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure SSH File Transfer.lnk
[2010-12-23 17:25:53 | 000,007,228 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\test
[2010-12-23 09:42:40 | 000,003,630 | RHS- | M] () -- C:\Documents and Settings\zhenhui\ntuser.pol
[2010-12-23 03:01:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-22 19:50:39 | 000,018,952 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-12-21 13:06:24 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tecplot 360 2010.lnk
[2010-12-21 12:03:55 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Popular ScreenSavers.lnk
[2010-12-21 12:03:55 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Paltalk.lnk
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-20 17:25:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-12-20 17:25:19 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-19 18:12:43 | 000,000,218 | -HS- | M] () -- C:\boot.ini
[2010-12-15 17:52:35 | 000,023,452 | ---- | M] () -- C:\bar.emf
[2010-12-10 15:12:39 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\Template_Paper_POAC11.doc
[2010-12-08 19:14:34 | 000,000,041 | ---- | M] () -- C:\AClient.dat
[2010-12-08 17:28:02 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\Database2.accdb
[2010-12-07 13:15:15 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\zhenhui\Desktop\ImageMagick Display.lnk
[2010-12-07 11:54:55 | 001,830,692 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle2.pdf
[2010-12-07 11:54:16 | 000,327,212 | ---- | M] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle.pdf
[64 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-06 10:50:59 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\byjyenaj.sys
[2011-01-06 10:34:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\yutwlhd.sys
[2011-01-06 10:17:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-05 17:45:50 | 029,065,357 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\integrated.opj
[2011-01-05 10:13:51 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011-01-05 10:07:10 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011-01-04 13:10:01 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\fba_Phd-thesis Backup.job
[2011-01-04 12:38:52 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Tcpview.lnk
[2011-01-04 12:37:53 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2011-01-04 12:08:41 | 179,835,504 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\bakupreg.reg
[2011-01-04 12:07:43 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\TaskManager_Reset.reg
[2011-01-04 11:54:08 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011-01-04 10:10:03 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\VoipDiscount.lnk
[2011-01-03 10:00:49 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011-01-03 10:00:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011-01-03 09:50:53 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011-01-03 09:50:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011-01-03 09:47:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011-01-03 09:42:56 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011-01-03 09:42:52 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011-01-03 09:42:49 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011-01-03 09:42:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011-01-03 09:42:42 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011-01-03 09:39:41 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011-01-03 09:39:40 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011-01-03 09:39:40 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011-01-03 09:36:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011-01-03 09:36:52 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011-01-03 09:36:51 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011-01-03 09:36:49 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011-01-03 09:36:48 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011-01-03 09:36:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011-01-03 09:36:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011-01-03 09:36:47 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011-01-03 09:36:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011-01-03 09:36:39 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011-01-02 16:31:42 | 000,009,665 | ---- | C] () -- C:\Documents and Settings\zhenhui\.recently-used.xbel
[2011-01-02 16:31:41 | 000,047,859 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\img_35862.jpg
[2011-01-02 16:30:37 | 000,466,726 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\img_3586.jpg
[2011-01-02 15:03:00 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-01-02 14:54:38 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010-12-29 11:41:25 | 000,059,454 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\Report-CentervsFrame.pdf
[2010-12-26 17:23:39 | 001,380,723 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Arockiasamy (1984) Semisubmersible response to transient ice forces.pdf
[2010-12-24 10:01:50 | 000,086,118 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\merry.png
[2010-12-23 17:25:25 | 000,007,228 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\test
[2010-12-21 13:06:24 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tecplot 360 2010.lnk
[2010-12-21 12:03:55 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Popular ScreenSavers.lnk
[2010-12-21 12:03:55 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Paltalk.lnk
[2010-12-10 15:12:39 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\Template_Paper_POAC11.doc
[2010-12-08 17:27:53 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\Database2.accdb
[2010-12-07 13:15:15 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\zhenhui\Desktop\ImageMagick Display.lnk
[2010-12-07 11:54:49 | 001,830,692 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle2.pdf
[2010-12-07 11:54:14 | 000,327,212 | ---- | C] () -- C:\Documents and Settings\zhenhui\My Documents\sdarticle.pdf
[2010-09-24 07:50:50 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\Rim.Desktop.Exception.log
[2010-09-08 16:20:59 | 001,380,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-08-18 09:41:52 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\WDS30_Migrate_Shortcuts.ini
[2010-08-11 10:47:48 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\Rim.Desktop.HttpServerSetup.log
[2010-07-23 09:54:52 | 000,019,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\eps2kt1.sys
[2010-07-23 09:54:52 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\ft2kco.dll
[2010-07-23 09:54:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\Chip_usb.sys
[2010-07-23 09:54:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ChipCo.dll
[2010-07-23 09:43:39 | 000,389,175 | ---- | C] () -- C:\WINDOWS\System32\RsaFun.dll
[2010-07-23 09:43:39 | 000,282,734 | ---- | C] () -- C:\WINDOWS\System32\NPCard.dll
[2010-07-23 09:43:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUK.dll
[2010-07-23 09:43:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\jcutilHUAUKLCD.dll
[2010-07-23 09:43:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jcutilTdrUKLCD.dll
[2010-07-23 09:43:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UnblkPIN.dll
[2010-07-23 09:43:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\jcinTHTFUK.dll
[2010-07-23 09:43:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinpublic.dll
[2010-07-23 09:43:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\jcinHUAUK.dll
[2010-07-23 09:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcutilgem101101.dll
[2010-07-23 09:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM101.dll
[2010-07-23 09:43:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jcinGD84.dll
[2010-07-23 09:43:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcinWATCHK.dll
[2010-07-23 09:43:38 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\jcinGEM102.dll
[2010-07-23 09:43:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jcidTHTFUK.dll
[2010-07-23 09:43:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jcidHUAUK.dll
[2010-07-23 09:43:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM101.dll
[2010-07-23 09:43:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jcidGD84.dll
[2010-07-23 09:43:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jcidWATCHK.dll
[2010-07-23 09:43:37 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\jcidGEM102.dll
[2010-07-23 09:43:36 | 000,262,208 | ---- | C] () -- C:\WINDOWS\System32\GPKPCSC.dll
[2010-07-23 09:43:36 | 000,241,758 | ---- | C] () -- C:\WINDOWS\System32\GPKPIN.dll
[2010-07-23 09:43:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\GdApi.dll
[2010-07-23 09:43:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CEA_Crypt.dll
[2010-07-23 09:43:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hmukchk.dll
[2010-07-23 09:43:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ChangPIN.dll
[2010-07-23 09:43:36 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\GEMPIN01.dll
[2010-07-15 09:22:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010-04-16 17:40:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PDF Password Remover.INI
[2010-03-17 14:06:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-04 15:31:09 | 000,000,064 | ---- | C] () -- C:\WINDOWS\manager.INI
[2010-01-22 10:39:02 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\gnuplot_history
[2010-01-20 14:09:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\PUTTY.RND
[2010-01-15 12:45:02 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\pdg2.dll
[2010-01-14 11:45:23 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\zhenhui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-31 10:31:47 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\zhenhui\Application Data\promtAcroTrans.log
[2009-12-29 14:23:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009-12-22 15:01:40 | 000,000,027 | ---- | C] () -- C:\WINDOWS\AdvConfig.ini
[2009-12-22 11:13:55 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2009-12-21 23:10:39 | 000,000,284 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009-12-21 15:11:08 | 000,000,654 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-30 13:31:39 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2009-05-08 11:06:56 | 000,584,192 | ---- | C] () -- C:\WINDOWS\System32\ssapi.dll
[2009-03-13 13:51:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-03-13 04:50:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007-01-04 17:15:52 | 000,315,920 | ---- | C] () -- C:\WINDOWS\patchbld.dll
[2007-01-04 17:15:40 | 000,170,512 | ---- | C] () -- C:\WINDOWS\PATCHW32.DLL
[2004-08-22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== LOP Check ==========

[2010-01-22 09:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-07-15 12:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011-01-05 10:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009-12-21 15:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010-08-04 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010-01-14 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2010-01-28 09:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010-08-11 10:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011-01-04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010-03-10 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperStar
[2011-01-05 18:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-01-05 10:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2009-12-21 15:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-04-09 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-01-05 10:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010-04-16 17:00:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\zhenhui\Application Data\.#
[2010-01-22 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Autodesk
[2011-01-03 09:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\BITS
[2010-08-12 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Blackberry Desktop
[2009-12-22 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Design Science
[2011-01-05 10:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\EndNote
[2010-12-27 00:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\F-Secure
[2009-12-22 10:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\F-Secure SSH
[2010-10-29 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FileZilla
[2009-12-29 14:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FlashGet
[2009-12-29 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\FlashGetBHO
[2011-01-02 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\gtk-2.0
[2010-01-13 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Helios
[2010-07-23 13:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\ICBC Security Ctrl
[2010-07-16 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\inkscape
[2009-12-22 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Kingsoft
[2009-12-28 09:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\LSTC
[2010-12-19 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Notepad++
[2009-12-31 10:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\PROject MT
[2010-09-24 07:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Research In Motion
[2011-01-06 09:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SGPPLog
[2011-01-04 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Softland
[2011-01-06 10:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouExplorer
[2011-01-06 10:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouPY
[2009-12-22 11:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\SogouPY.users
[2010-01-20 14:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\StarNet
[2010-06-26 15:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\StreamTorrent
[2009-12-23 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Tencent
[2011-01-04 10:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipBuster
[2011-01-05 11:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipDiscount
[2010-03-29 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\VoipZoom
[2010-03-25 10:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\webex
[2009-12-21 21:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Desktop Search
[2010-07-16 15:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Live Writer
[2009-12-28 11:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Windows Search
[2009-12-22 11:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zhenhui\Application Data\Xerox
[2011-01-05 18:00:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\fba_Phd-thesis Backup.job
[2011-01-06 01:39:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2011-01-05 16:00:03 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\SogouImeMgr.job
[2011-01-06 10:49:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{42393342-0E75-483F-A8FD-783ED390B69B}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010-06-30 14:46:39 | 000,041,773 | ---- | M] ()(C:\Documents and Settings\zhenhui\My Documents\L?nnsslipp.pdf) -- C:\Documents and Settings\zhenhui\My Documents\Lønnsslipp.pdf
[2010-06-30 14:46:39 | 000,041,773 | ---- | C] ()(C:\Documents and Settings\zhenhui\My Documents\L?nnsslipp.pdf) -- C:\Documents and Settings\zhenhui\My Documents\Lønnsslipp.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

< End of report >