BSOD, 0x10004130 error, windows cannot find 'C:\WINDOWS\


jennyllm

On Thursday last week, my laptop was hit by the new Facebook virus. My antivirus detected malware and stated that I needed to reboot to remove it. After I rebooted, my laptop was unable to log in to Windows, not even in Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, or Last Known Good Configuration, with a BSOD popup. So I reformatted my laptop with Microsoft Windows XP Diamond Ultimate 2010. After a few attempts at formatting, my laptop was finally formatted using an external DVD-ROM. But my laptop seems to be running very slowly compared to before the format, and my ESET Smart Security scan finds a lot of viruses in system32. The problems that I encounter are:

1. Access violation at address 004B40D6 in module 'IUMain.exe'. Read of address 09EC8014.
2. The application failed to initialize properly (0xc000142). Click on OK to terminate the application.
3. wrg35j36.exe error.
4. The application failed to initialize properly (0xc0000005).
5. The instruction at "0x0fac1f86" referenced memory at "0x11999ef0". The memory could not be read.
6. Runtime error 216 at 0FAC1F86.
7. 0x10004130 error, and a lot more which I can't state.

Can anyone please help me? Can my laptop be cured of the viruses?


OTL logfile created on: 7/28/2011 11:42:44 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\softwares\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 27.24% Memory free
2.98 Gb Paging File | 1.86 Gb Available in Paging File | 62.42% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 69.25 Gb Free Space | 92.92% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 16.02 Gb Free Space | 21.49% Space Free | Partition Type: NTFS
Drive G: | 17.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-0467F99F79 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 11:42:41 | 000,606,720 | ---- | M] (OldTimer Tools) -- D:\softwares\OTL\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/07/24 12:10:06 | 010,099,032 | ---- | M] () -- C:\Program Files\Celcom Broadband\UIMain.exe
PRC - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files\Celcom Broadband\UIExec.exe
PRC - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () -- C:\Program Files\Celcom Broadband\AssistantServices.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/06/15 20:00:00 | 001,870,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/15 20:00:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\Resources\DiamondStyle\LClock\LClock.exe
PRC - [2008/08/16 16:18:56 | 000,913,408 | ---- | M] (zbshareware, Inc) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2007/09/11 12:26:12 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 11:42:41 | 000,606,720 | ---- | M] (OldTimer Tools) -- D:\softwares\OTL\OTL.exe
MOD - [2009/09/11 07:36:56 | 000,011,952 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\eplgHooks.dll
MOD - [2009/06/15 20:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2007/09/11 12:24:00 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [On_Demand | Stopped] -- -- (MSIServer)
SRV - File not found [On_Demand | Stopped] -- -- (ImapiService)
SRV - [2011/07/24 22:46:38 | 000,813,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\vnfuiwwn.dll -- (awnrqpgi)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Celcom Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/06/15 20:00:00 | 000,221,696 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2009/06/15 20:00:00 | 000,131,584 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2009/06/15 20:00:00 | 000,124,928 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2009/06/15 20:00:00 | 000,108,032 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2009/06/15 20:00:00 | 000,108,032 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2009/06/15 20:00:00 | 000,092,672 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\SCardSvr.exe -- (SCardSvr)
SRV - [2009/06/15 20:00:00 | 000,074,240 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2009/06/15 20:00:00 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2009/06/15 20:00:00 | 000,052,224 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2009/06/15 20:00:00 | 000,025,088 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2009/06/15 20:00:00 | 000,017,408 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2009/06/15 20:00:00 | 000,004,096 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2009/06/15 20:00:00 | 000,004,096 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2007/02/17 06:24:38 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/03 11:14:16 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/19 14:12:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/05/19 14:12:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/11 02:39:08 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/25 11:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/14 17:03:12 | 004,742,144 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/26 06:22:50 | 000,985,472 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/26 06:22:10 | 000,210,560 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 06:22:06 | 000,731,264 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/13 18:21:56 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/16 19:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 53 C8 AB 37 4B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/07/26 09:29:41 | 000,000,000 | ---D | M]

[2011/07/24 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/07/24 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c428jk6m.default\extensions

Hosts file not found
O2 - BHO: () - {6A5BBC74-8147-8F5F-E6D4-64EC17B7AF92} - C:\WINDOWS\system32\vnfuiwwn.dll (Microsoft Corporation)
O2 - BHO: (NJStarBHO Class) - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\Celcom Broadband\UIExec.exe ()
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (zbshareware, Inc)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] File not found
O4 - HKCU..\Run: [LClock] C:\WINDOWS\Resources\DiamondStyle\LClock\LClock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-2264126421-8124159057-191515620-1481\djwi2kcew.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/24 13:46:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/25 11:41:58 | 000,000,643 | R--- | M] () - G:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/05/19 22:23:56 | 000,015,086 | R--- | M] () - G:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/06/03 10:26:31 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell\AutoRun\command - "" = G:\Install.exe -- [2010/07/24 11:24:46 | 000,302,392 | R--- | M] ()
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xOaUsUf.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 11:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\A Tech Group
[2011/07/27 16:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/26 21:57:52 | 000,000,000 | ---D | C] -- C:\Jenny
[2011/07/26 15:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/07/26 15:21:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/26 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/26 15:21:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/26 15:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/26 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/26 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/26 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\NJStar Communicator
[2011/07/26 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\NJStar
[2011/07/26 10:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NJStar Communicator
[2011/07/26 10:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\NJStar Communicator
[2011/07/26 09:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Celcom Broadband
[2011/07/26 09:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Celcom Broadband
[2011/07/25 12:05:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/25 12:05:19 | 000,000,000 | ---D | C] -- C:\80687f2be5c02c4dc6
[2011/07/25 11:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/07/25 02:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2011/07/25 02:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/25 01:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acer Crystal Eye webcam
[2011/07/25 01:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BUVC_AP
[2011/07/25 01:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
[2011/07/25 01:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/25 00:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/25 00:00:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/24 23:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/24 23:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ESET
[2011/07/24 23:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ESET
[2011/07/24 22:57:07 | 000,033,096 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/24 22:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Google
[2011/07/24 22:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\updates
[2011/07/24 22:43:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\PrivacIE
[2011/07/24 22:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2011/07/24 22:11:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2011/07/24 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2011/07/24 22:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
[2011/07/24 22:05:50 | 017,293,368 | ---- | C] ( ) -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe.part
[2011/07/24 22:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/07/24 21:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\SuYin
[2011/07/24 21:42:42 | 002,835,456 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/07/24 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011/07/24 21:35:54 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2011/07/24 21:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppXL
[2011/07/24 21:25:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/07/24 21:25:19 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/07/24 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/07/24 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/07/24 21:24:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/07/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/07/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/07/24 21:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/07/24 21:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/07/24 21:24:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/07/24 21:24:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/07/24 21:23:54 | 000,547,904 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2011/07/24 21:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/07/24 21:23:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/24 21:19:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/24 21:19:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/07/24 21:19:57 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/07/24 21:19:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/24 21:19:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/07/24 21:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/24 20:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Drvers
[2011/07/24 20:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/24 19:56:48 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2011/07/24 19:56:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/07/24 19:53:41 | 001,315,776 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2011/07/24 19:53:41 | 001,315,776 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2011/07/24 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/07/24 19:53:21 | 000,000,000 | ---D | C] -- C:\temp
[2011/07/24 19:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011/07/24 19:51:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/07/24 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/07/24 19:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2011/07/24 19:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/07/24 19:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/07/24 19:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/07/24 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB 2.0 Card Reader
[2011/07/24 19:46:02 | 000,266,240 | ---- | C] (Realtek Semiconduct Corp. ) -- C:\WINDOWS\System32\rts5121.dll
[2011/07/24 19:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\USB 2.0 Card Reader
[2011/07/24 19:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/07/24 19:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/07/24 19:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/07/24 19:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/07/24 16:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\CyberLink
[2011/07/24 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Youcam
[2011/07/24 16:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\CyberLink
[2011/07/24 16:39:19 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/07/24 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\CyberLink YouCam
[2011/07/24 16:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/07/24 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/24 16:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/07/24 16:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/07/24 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2011/07/24 13:50:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2011/07/24 13:50:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/07/24 13:50:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2011/07/24 13:49:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2011/07/24 13:49:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\SendTo
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Startup
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Favorites
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Accessories
[2011/07/24 13:49:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IETldCache
[2011/07/24 13:49:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Cookies
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Templates
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\PrintHood
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\NetHood
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Local Settings
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop
[2011/07/24 13:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/24 13:48:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/07/24 13:48:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/07/24 13:48:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/07/24 13:47:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/07/24 13:47:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/07/24 13:44:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/07/24 13:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/07/24 13:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/07/24 13:44:30 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/24 13:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/24 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/07/24 13:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/07/24 13:43:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/07/24 13:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/24 13:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/07/24 13:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/07/24 13:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/24 13:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/07/24 13:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/07/24 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/07/24 13:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/07/24 13:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/07/24 13:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/07/24 13:42:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/07/24 13:41:52 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/24 13:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/24 13:41:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/07/24 13:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/07/24 13:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet
[2011/07/24 13:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/24 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/07/24 13:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/24 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox
[2011/07/24 13:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2011/07/24 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/24 13:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/07/24 13:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/24 13:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/24 13:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/24 13:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/07/24 13:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/07/24 13:36:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/07/24 13:34:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 17:17:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/07/27 16:35:18 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E18E7E31-19AD-43D1-90BA-748CD78B69E9}.job
[2011/07/27 14:03:22 | 000,379,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/27 14:03:22 | 000,052,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/27 13:59:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 13:59:12 | 000,182,179 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/27 13:59:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 15:21:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 14:52:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/26 13:11:23 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe
[2011/07/26 10:47:29 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\NJStar Communicator.lnk
[2011/07/26 10:47:29 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NJStar Communicator.lnk
[2011/07/26 10:00:26 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe
[2011/07/26 10:00:26 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe
[2011/07/26 10:00:24 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe
[2011/07/26 09:58:11 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/07/26 07:20:50 | 000,000,014 | ---- | M] () -- C:\Documents and Settings\user\log
[2011/07/26 07:16:24 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\user\Desktop\IE.lnk
[2011/07/25 11:54:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/25 02:04:31 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/07/25 01:39:12 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Video.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Pictures.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Passwords.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\New Folder.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Music.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Documents.lnk
[2011/07/24 22:43:00 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe
[2011/07/24 22:42:59 | 000,067,584 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe
[2011/07/24 22:30:32 | 017,293,368 | ---- | M] ( ) -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe.part
[2011/07/24 22:09:22 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/07/24 22:05:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe
[2011/07/24 21:59:09 | 000,099,840 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe
[2011/07/24 21:59:09 | 000,099,328 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe
[2011/07/24 21:59:07 | 000,099,840 | RHS- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe
[2011/07/24 21:32:57 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/07/24 19:41:54 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/24 19:32:49 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/07/24 19:32:49 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/07/24 19:03:43 | 000,000,125 | RHS- | M] () -- C:\Documents and Settings\user\autorun.inf
[2011/07/24 19:03:12 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CyberLink YouCam.lnk
[2011/07/24 16:37:17 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\user\cuecuf.scr
[2011/07/24 13:50:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/24 13:47:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/24 13:47:29 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 13:46:31 | 000,000,630 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/24 13:46:05 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 13:46:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/24 13:46:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/24 13:46:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/24 13:46:01 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/24 13:45:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/24 13:45:33 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/24 13:45:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/24 13:41:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/24 13:34:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 15:21:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 14:52:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/26 13:11:26 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe
[2011/07/26 10:47:29 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\NJStar Communicator.lnk
[2011/07/26 10:47:29 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NJStar Communicator.lnk
[2011/07/26 10:00:30 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe
[2011/07/26 10:00:29 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe
[2011/07/26 10:00:29 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe
[2011/07/26 09:58:07 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/07/26 08:44:40 | 000,187,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2011/07/26 07:16:24 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\user\Desktop\IE.lnk
[2011/07/25 12:51:44 | 000,146,036 | R--- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/07/25 02:04:12 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/25 01:39:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/07/25 01:05:41 | 000,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss
[2011/07/25 01:05:20 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/24 23:37:10 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\user\log
[2011/07/24 22:46:41 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/07/24 22:43:03 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe
[2011/07/24 22:43:03 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe
[2011/07/24 22:10:58 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E18E7E31-19AD-43D1-90BA-748CD78B69E9}.job
[2011/07/24 22:09:22 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/07/24 22:05:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe
[2011/07/24 21:59:13 | 000,099,840 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe
[2011/07/24 21:59:12 | 000,099,328 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe
[2011/07/24 21:59:11 | 000,099,840 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe
[2011/07/24 21:43:55 | 006,416,928 | ---- | C] () -- C:\WINDOWS\System\DriveIcon.dll
[2011/07/24 21:42:41 | 001,826,816 | R--- | C] () -- C:\WINDOWS\SkyTel.EXE
[2011/07/24 21:32:57 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/07/24 21:25:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 21:25:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/24 21:24:52 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/07/24 21:24:32 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/07/24 21:24:32 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/07/24 21:24:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/24 21:24:32 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/07/24 21:24:32 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/07/24 21:24:32 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/07/24 21:24:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/24 21:24:32 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/07/24 21:24:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/24 21:24:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/24 21:24:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/24 21:24:31 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/07/24 21:24:31 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/07/24 21:24:31 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/24 21:24:31 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/07/24 21:24:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/24 21:24:31 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/07/24 21:24:31 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/07/24 21:24:31 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/07/24 21:23:29 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2011/07/24 21:23:14 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 21:22:27 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/07/24 21:22:22 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/24 19:53:41 | 000,155,408 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2011/07/24 19:53:41 | 000,034,415 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2011/07/24 19:51:55 | 000,627,546 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2011/07/24 19:51:55 | 000,013,349 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2011/07/24 19:47:04 | 000,000,898 | ---- | C] () -- C:\WINDOWS\System32\nvsmu.nvu
[2011/07/24 19:46:02 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2011/07/24 19:43:14 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/07/24 19:41:54 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/24 19:32:49 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/07/24 19:32:49 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/07/24 19:30:58 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2011/07/24 19:30:58 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2011/07/24 19:30:58 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Video.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Pictures.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Passwords.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\New Folder.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Music.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Documents.lnk
[2011/07/24 19:03:43 | 000,000,125 | RHS- | C] () -- C:\Documents and Settings\user\autorun.inf
[2011/07/24 16:39:08 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CyberLink YouCam.lnk
[2011/07/24 16:37:17 | 000,131,072 | RHS- | C] () -- C:\Documents and Settings\user\cuecuf.scr
[2011/07/24 16:33:05 | 000,182,179 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/24 16:33:02 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/07/24 16:31:36 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/24 16:31:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/07/24 16:31:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/07/24 16:31:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/07/24 16:31:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2011/07/24 16:31:29 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/07/24 16:31:27 | 001,363,968 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/07/24 16:31:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/07/24 16:31:16 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/07/24 13:50:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/24 13:50:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Outlook Express.lnk
[2011/07/24 13:49:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Remote Assistance.lnk
[2011/07/24 13:49:36 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk
[2011/07/24 13:47:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/24 13:46:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/24 13:46:05 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 13:46:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/24 13:46:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/24 13:45:54 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/24 13:45:54 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/24 13:45:52 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/24 13:45:33 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/24 13:44:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/24 13:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/24 13:39:14 | 002,359,352 | ---- | C] () -- C:\WINDOWS\StartOrb.bmp
[2011/07/24 13:37:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/07/24 13:37:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/07/24 13:37:10 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/07/24 13:37:04 | 000,062,694 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/07/24 13:36:57 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\msdtc.exe
[2009/06/15 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/06/15 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/15 20:00:00 | 000,379,284 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/15 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/15 20:00:00 | 000,258,816 | ---- | C] () -- C:\WINDOWS\System32\tewnkuei.dat
[2009/06/15 20:00:00 | 000,222,976 | ---- | C] () -- C:\WINDOWS\System32\ubfdgcfz.dat
[2009/06/15 20:00:00 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\dmadmin.exe
[2009/06/15 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/15 20:00:00 | 000,154,368 | ---- | C] () -- C:\WINDOWS\System32\kijdtimd.dat
[2009/06/15 20:00:00 | 000,137,472 | ---- | C] () -- C:\WINDOWS\System32\nzalcitc.dat
[2009/06/15 20:00:00 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\rsvp.exe
[2009/06/15 20:00:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\netdde.exe
[2009/06/15 20:00:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\SCardSvr.exe
[2009/06/15 20:00:00 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\locator.exe
[2009/06/15 20:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\tlntsvr.exe
[2009/06/15 20:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\fvhriobl.dat
[2009/06/15 20:00:00 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\efqcxwxg.dat
[2009/06/15 20:00:00 | 000,052,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/15 20:00:00 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\clipsrv.exe
[2009/06/15 20:00:00 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\ntsd.exe
[2009/06/15 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/15 20:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\shmgrate.exe
[2009/06/15 20:00:00 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\yxtoaarn.dat
[2009/06/15 20:00:00 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\oguxnyyp.dat
[2009/06/15 20:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\mbqcfxoe.dat
[2009/06/15 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/15 20:00:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\ups.exe
[2009/06/15 20:00:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\control.exe
[2009/06/15 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/15 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/06/15 20:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\dllhost.exe
[2009/06/15 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/06/15 20:00:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/09/11 12:24:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/11 12:12:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/24 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2011/07/24 22:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/25 02:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/24 16:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/24 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ESET
[2011/07/25 02:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2011/07/26 10:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NJStar
[2011/07/24 23:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\updates
[2011/07/27 17:17:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/07/27 16:35:18 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E18E7E31-19AD-43D1-90BA-748CD78B69E9}.job

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C


:processes
killallprocesses

:Services
Spooler
MSIServer
ImapiService
awnrqpgi

:OTL
SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [On_Demand | Stopped] -- -- (MSIServer)
SRV - File not found [On_Demand | Stopped] -- -- (ImapiService)
SRV - [2011/07/24 22:46:38 | 000,813,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\vnfuiwwn.dll -- (awnrqpgi)
O2 - BHO: () - {6A5BBC74-8147-8F5F-E6D4-64EC17B7AF92} - C:\WINDOWS\system32\vnfuiwwn.dll (Microsoft Corporation)
O2 - BHO: (NJStarBHO Class) - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (zbshareware, Inc)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] File not found
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe ()
[2011/07/26 13:11:26 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe
[2011/07/26 10:47:29 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\NJStar Communicator.lnk
[2011/07/26 10:47:29 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NJStar Communicator.lnk
[2011/07/26 10:00:30 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe
[2011/07/26 10:00:29 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe
[2011/07/26 10:00:29 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe
[2011/07/26 07:16:24 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\user\Desktop\IE.lnk
[2011/07/25 02:04:12 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/24 22:46:41 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/07/24 22:43:03 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe
[2011/07/24 22:43:03 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe
[2011/07/24 22:10:58 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E18E7E31-19AD-43D1-90BA-748CD78B69E9}.job
[2011/07/24 22:09:22 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/07/24 22:05:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe
[2011/07/24 21:59:13 | 000,099,840 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe
[2011/07/24 21:59:12 | 000,099,328 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe
[2011/07/24 21:59:11 | 000,099,840 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-2264126421-8124159057-191515620-1481\djwi2kcew.exe) - File not found
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b932828-b728-11e0-87c4-001e68b76fc1}\Shell\AutoRun\command - "" = G:\Install.exe -- [2010/07/24 11:24:46 | 000,302,392 | R--- | M] ()
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be11562c-b5f9-11e0-87af-001e68b76fc1}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell - "" = AutoRun
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beda1b5d-b5cf-11e0-87ab-001e68b76fc1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xOaUsUf.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\WINDOWS\Tasks\At*.job 
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Ron
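The file lines listed in the fix above share traits that are visible in the log itself: an empty company field, hidden+system (`RHS-`) attributes, a Startup-folder path and repeated file sizes. As an added example (not part of the original post and not OTL's own logic), this Python script parses OTL file lines and ranks entries by those traits; the heuristics, thresholds and function names are assumptions made for illustration, and the sample lines are copied from the logs in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the OTL output quoted in this thread.
SAMPLE_LOG = r"""
[2011/07/26 13:11:26 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe
[2011/07/26 10:00:30 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe
[2011/07/26 10:00:29 | 000,067,584 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe
[2011/07/24 21:59:13 | 000,099,840 | RHS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe
[2011/07/26 10:47:29 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NJStar Communicator.lnk
[2011/07/26 15:21:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
"""

# Layout: [date time | size | attributes | C or M] (company) -- path
# The "(company) " part is absent on folder lines.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed heuristics, chosen for this illustration only.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
RISKY_DIRS = ("\\start menu\\programs\\startup\\", "\\temp\\")


@dataclass(frozen=True)
class Entry:
    stamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_otl_file_lines(text):
    """Return an Entry for every line that matches the OTL file-line layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, O-lines and blank lines are skipped
        company = (m["company"] or "").strip(" -")  # "()", "( )" and "(-)" count as empty
        size = int(m["size"].replace(",", ""))
        entries.append(Entry(m["stamp"], size, m["attrs"], company, m["path"].strip()))
    return entries


def triage(entries, cluster_min=3, min_reasons=2):
    """Rank executables with no company name by how many traits they show."""
    unnamed = [e for e in entries
               if e.path.lower().endswith(EXEC_EXT) and not e.company]
    same_size = Counter(e.size for e in unnamed if e.size > 0)
    findings = []
    for e in unnamed:
        reasons = ["executable with no company name"]
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden and system attributes set")
        if any(d in e.path.lower() for d in RISKY_DIRS):
            reasons.append("located in a Startup or Temp folder")
        if same_size[e.size] >= cluster_min:
            reasons.append(f"{same_size[e.size]} unnamed executables share size {e.size}")
        if len(reasons) >= min_reasons:
            findings.append((e, reasons))
    # Most traits first, then by path for a stable order.
    return sorted(findings, key=lambda f: (-len(f[1]), f[0].path))


if __name__ == "__main__":
    for entry, reasons in triage(parse_otl_file_lines(SAMPLE_LOG)):
        print(entry.path)
        for reason in reasons:
            print("   -", reason)
```

A ranking like this only orders entries for a human reviewer; it does not decide what to delete.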

#3
jennyllm

Hi Ron,

I followed your instruction to copy & paste the code box to run the fix. While it was running, a Windows command processor error and an Internet Explorer error popped up. I just clicked don't send. After more than 16 hours of running the fix, I realised from the Windows Task Manager that OTL was not responding. So I used a forced shutdown to shut down my laptop. But after Windows rebooted, I found that my laptop had a lot of problems. I couldn't run anything, so I chose to reboot from the last known good configuration, but again, I can't install my drivers because of the rundll32 error. What should I do now? I can't even connect my broadband. Please advise! Thanks!!

#4
RKinner

Try Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

To get the internet to work:

In IE, Files, uncheck Work Offline. Restart IE and test. If still no good:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all


Report any errors you get and the IP addresses of the last ipconfig /all

Ron

#5
jennyllm

My broadband has been connected to my laptop but there is no service available. I cannot connect it. But when I used that broadband on another laptop, it worked. I tried the command prompt; a Windows command processor error popped up with 3 options to choose: 1-debug, 2-send error report, 3-don't send. I selected don't send & the command prompt closed automatically. In the network connections, I can't see the one that I use to connect even though I had plugged it in to the USB. When I tried the Device Manager (I right-clicked My Computer and selected Device Manager), it did not run at all. How can I get my broadband to run on my laptop? I think my laptop cannot detect my broadband at all.

#6
jennyllm

When I first login to my windows, I get an update.exe - Application Error (The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read". Click on OK to terminate the program. Click on CANCEL to debug the program.)

#7
jennyllm

Do you want me to run the otl scan again and post the log to you?

#8
RKinner

Yes. Let's see what is going on.

#9
jennyllm

I'd made the quick scan with OTL & the scan completed, but why didn't I get any logs like usual? What should I do now?

#10
RKinner

See if there are any logs in the folder:
C:\_OTL\MovedFiles\

If so copy and paste them.

Go on and try MalwareBytesAntiMalware and Combofix.

Ron

#11
jennyllm

OTL logfile created on: 7/31/2011 11:11:05 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.25 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 81.76% Memory free
3.97 Gb Paging File | 3.68 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 69.25 Gb Free Space | 92.92% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 15.97 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive G: | 15.01 Gb Total Space | 14.96 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

Computer Name: USER-0467F99F79 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\explorer.exe:userini.exe
PRC - [2011/07/31 16:36:44 | 001,870,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011/07/31 14:42:09 | 000,129,536 | -H-- | M] () -- C:\Documents and Settings\user\Application Data\WMPRWISE.EXE
PRC - [2011/07/31 14:39:53 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Temp\qtfcyyp.exe
PRC - [2011/07/31 11:17:34 | 000,247,808 | ---- | M] () -- C:\WINDOWS\Temp\Mkx.exe
PRC - [2011/07/30 23:07:33 | 000,081,408 | ---- | M] ( ) -- C:\Documents and Settings\user\Application Data\0b5u.exe
PRC - [2011/07/28 11:41:43 | 000,454,656 | ---- | M] (A Tech Group) -- D:\softwares\Notepad\pnpsetup.exe
PRC - [2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files\Celcom Broadband\UIExec.exe
PRC - [2009/06/15 20:00:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\Resources\DiamondStyle\LClock\LClock.exe
PRC - [2009/06/15 20:00:00 | 000,061,440 | -H-- | M] () -- C:\WINDOWS\system32\ffke7y.exe
PRC - [2007/09/11 12:26:12 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/07/17 22:40:30 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2009/06/15 20:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2007/09/11 12:24:00 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/24 22:46:38 | 000,813,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\vnfuiwwn.dll -- (awnrqpgi)
SRV - [2009/06/15 20:00:00 | 000,221,696 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2009/06/15 20:00:00 | 000,131,584 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2009/06/15 20:00:00 | 000,124,928 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2009/06/15 20:00:00 | 000,108,032 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2009/06/15 20:00:00 | 000,108,032 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2009/06/15 20:00:00 | 000,092,672 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\SCardSvr.exe -- (SCardSvr)
SRV - [2009/06/15 20:00:00 | 000,074,240 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2009/06/15 20:00:00 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2009/06/15 20:00:00 | 000,052,224 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2009/06/15 20:00:00 | 000,025,088 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2009/06/15 20:00:00 | 000,017,408 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2009/06/15 20:00:00 | 000,004,096 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2009/06/15 20:00:00 | 000,004,096 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2007/02/17 06:24:38 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2008/09/11 02:39:08 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/25 11:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/14 17:03:12 | 004,742,144 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/13 18:21:56 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/16 19:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 53 C8 AB 37 4B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/07/26 09:29:41 | 000,000,000 | ---D | M]

[2011/07/24 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/07/24 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c428jk6m.default\extensions

O1 HOSTS File: ([2011/07/31 23:10:09 | 000,000,063 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: ::1 localhost
O2 - BHO: () - {6A5BBC74-8147-8F5F-E6D4-64EC17B7AF92} - C:\WINDOWS\system32\vnfuiwwn.dll (Microsoft Corporation)
O4 - HKLM..\Run: [8DDYX0ZBPZ] C:\WINDOWS\Temp\Mkx.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [f099kno] C:\Documents and Settings\user\Application Data\0b5u.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Celcom Broadband\UIExec.exe ()
O4 - HKLM..\Run: [userini] C:\WINDOWS\system32\userini.exe ()
O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\WINDOWS\Temp\Mkx.exe ()
O4 - HKCU..\Run: [engel] C:\Documents and Settings\user\Application Data\updates\updates.exe ()
O4 - HKCU..\Run: [LClock] C:\WINDOWS\Resources\DiamondStyle\LClock\LClock.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\user\Application Data\WMPRWISE.EXE ()
O4 - HKCU..\Run: [userini] C:\WINDOWS\system32\userini.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 60xu9 = C:\DOCUME~1\user\LOCALS~1\Temp\qtfcyyp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: apps = C:\WINDOWS\system32\ffke7y.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/24 13:46:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 23:03:20 | 000,606,720 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/07/31 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/07/31 14:42:24 | 000,157,184 | ---- | C] (-) -- C:\Documents and Settings\user\Application Data\ssjat8hre.exe
[2011/07/31 14:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\updates
[2011/07/31 08:13:58 | 000,240,640 | ---- | C] (Gable) -- C:\WINDOWS\System32\drivers\svajnager.exe
[2011/07/31 08:13:58 | 000,236,032 | ---- | C] (Flee Gusty Wagon Biker) -- C:\WINDOWS\System32\drivers\svajnager.exe961
[2011/07/30 23:20:10 | 000,157,184 | ---- | C] (-) -- C:\Documents and Settings\user\Application Data\daiu49ahx.exe
[2011/07/30 23:07:34 | 000,081,408 | ---- | C] ( ) -- C:\Documents and Settings\user\Application Data\0b5u.exe
[2011/07/29 15:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/07/29 15:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/07/29 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/29 14:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/07/28 11:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\A Tech Group
[2011/07/27 16:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/26 21:57:52 | 000,000,000 | ---D | C] -- C:\Jenny
[2011/07/26 15:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/07/26 15:21:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/26 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/26 15:21:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/26 15:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/26 14:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/26 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/26 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\NJStar Communicator
[2011/07/26 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\NJStar
[2011/07/26 10:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NJStar Communicator
[2011/07/26 10:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\NJStar Communicator
[2011/07/26 09:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Celcom Broadband
[2011/07/26 09:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Celcom Broadband
[2011/07/26 08:49:24 | 002,835,968 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2011/07/25 12:05:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/25 12:05:19 | 000,000,000 | ---D | C] -- C:\80687f2be5c02c4dc6
[2011/07/25 11:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/07/25 02:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2011/07/25 02:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/25 01:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acer Crystal Eye webcam
[2011/07/25 01:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BUVC_AP
[2011/07/25 01:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
[2011/07/25 01:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/25 00:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/25 00:00:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/24 23:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/24 23:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ESET
[2011/07/24 23:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ESET
[2011/07/24 22:57:07 | 000,033,096 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/24 22:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/24 22:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Google
[2011/07/24 22:43:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\PrivacIE
[2011/07/24 22:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2011/07/24 22:11:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2011/07/24 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2011/07/24 22:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
[2011/07/24 22:05:50 | 017,293,368 | ---- | C] ( ) -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe.part
[2011/07/24 22:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/07/24 21:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\SuYin
[2011/07/24 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011/07/24 21:35:54 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011/07/24 21:35:54 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2011/07/24 21:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppXL
[2011/07/24 21:25:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/07/24 21:25:19 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/07/24 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/07/24 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/07/24 21:24:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/07/24 21:24:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/07/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/07/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/07/24 21:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/07/24 21:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/07/24 21:24:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/07/24 21:24:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/07/24 21:23:54 | 000,547,904 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2011/07/24 21:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/07/24 21:23:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/24 21:19:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/24 21:19:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/07/24 21:19:57 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/07/24 21:19:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/24 21:19:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/07/24 21:19:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/24 21:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/24 20:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Drvers
[2011/07/24 20:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/24 19:56:48 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2011/07/24 19:56:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/07/24 19:53:41 | 001,315,776 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2011/07/24 19:53:41 | 001,315,776 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2011/07/24 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/07/24 19:53:21 | 000,000,000 | ---D | C] -- C:\temp
[2011/07/24 19:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011/07/24 19:51:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/07/24 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/07/24 19:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2011/07/24 19:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/07/24 19:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/07/24 19:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/07/24 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB 2.0 Card Reader
[2011/07/24 19:46:02 | 000,266,240 | ---- | C] (Realtek Semiconduct Corp. ) -- C:\WINDOWS\System32\rts5121.dll
[2011/07/24 19:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\USB 2.0 Card Reader
[2011/07/24 19:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/07/24 19:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/07/24 19:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/07/24 19:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/07/24 16:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\CyberLink
[2011/07/24 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Youcam
[2011/07/24 16:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\CyberLink
[2011/07/24 16:39:19 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/07/24 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\CyberLink YouCam
[2011/07/24 16:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/07/24 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/24 16:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011/07/24 16:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/07/24 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2011/07/24 13:50:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2011/07/24 13:50:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/07/24 13:50:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2011/07/24 13:49:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2011/07/24 13:49:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\SendTo
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2011/07/24 13:49:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Startup
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Favorites
[2011/07/24 13:49:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Accessories
[2011/07/24 13:49:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IETldCache
[2011/07/24 13:49:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Cookies
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Templates
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\PrintHood
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\NetHood
[2011/07/24 13:49:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Local Settings
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2011/07/24 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop
[2011/07/24 13:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/24 13:48:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/07/24 13:48:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/07/24 13:48:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/07/24 13:47:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/07/24 13:47:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/07/24 13:44:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/07/24 13:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/07/24 13:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/07/24 13:44:30 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/24 13:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/24 13:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/07/24 13:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/07/24 13:43:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/07/24 13:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/24 13:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/07/24 13:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/07/24 13:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/24 13:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/07/24 13:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/07/24 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/07/24 13:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/07/24 13:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/07/24 13:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/07/24 13:42:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/07/24 13:41:52 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/24 13:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/24 13:41:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/07/24 13:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/07/24 13:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet
[2011/07/24 13:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/24 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/07/24 13:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/24 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox
[2011/07/24 13:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2011/07/24 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/24 13:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/07/24 13:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/24 13:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/24 13:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/24 13:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/07/24 13:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/07/24 13:36:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/07/24 13:34:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 23:11:40 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/31 22:56:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/07/31 22:54:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/31 22:27:39 | 000,045,628 | ---- | M] () -- C:\WINDOWS\System32\userini.exe
[2011/07/31 22:24:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/31 22:21:41 | 000,380,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/31 22:21:40 | 000,052,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/31 22:17:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 22:17:46 | 000,182,179 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/31 22:17:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 15:06:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setup.INI
[2011/07/31 14:46:07 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4ldb7kiyd.exe
[2011/07/31 14:44:23 | 000,157,184 | ---- | M] (-) -- C:\Documents and Settings\user\Application Data\ssjat8hre.exe
[2011/07/31 14:44:11 | 000,240,640 | ---- | M] (Gable) -- C:\WINDOWS\System32\drivers\svajnager.exe
[2011/07/31 14:44:11 | 000,000,017 | ---- | M] () -- C:\WINDOWS\keys.ini
[2011/07/31 14:42:09 | 000,129,536 | -H-- | M] () -- C:\Documents and Settings\user\Application Data\WMPRWISE.EXE
[2011/07/31 08:13:58 | 000,236,032 | ---- | M] (Flee Gusty Wagon Biker) -- C:\WINDOWS\System32\drivers\svajnager.exe961
[2011/07/31 08:13:58 | 000,000,017 | ---- | M] () -- C:\WINDOWS\keys.ini249
[2011/07/31 01:08:23 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\mlog
[2011/07/30 23:22:58 | 000,157,184 | ---- | M] (-) -- C:\Documents and Settings\user\Application Data\daiu49ahx.exe
[2011/07/30 23:16:17 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\user\Application Data\oi0a5uij.exe
[2011/07/30 23:07:34 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\user\Application Data\c4ib5fma.bat
[2011/07/30 23:07:34 | 000,000,103 | -H-- | M] () -- C:\Documents and Settings\user\Application Data\MouseDriver.bat
[2011/07/30 23:07:33 | 000,081,408 | ---- | M] ( ) -- C:\Documents and Settings\user\Application Data\0b5u.exe
[2011/07/30 21:10:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/30 20:49:35 | 000,000,014 | ---- | M] () -- C:\Documents and Settings\user\log
[2011/07/29 15:40:22 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/29 15:40:22 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/07/26 15:21:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 14:52:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/26 09:58:11 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/07/25 11:54:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/25 01:39:12 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Video.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Pictures.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Passwords.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\New Folder.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Music.lnk
[2011/07/24 23:03:05 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\user\Documents.lnk
[2011/07/24 22:30:32 | 017,293,368 | ---- | M] ( ) -- C:\Documents and Settings\user\Desktop\CyberLink.2525_YUC100108-03.exe.part
[2011/07/24 21:32:57 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/07/24 19:41:54 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/24 19:32:49 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/07/24 19:32:49 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/07/24 19:03:43 | 000,000,125 | RHS- | M] () -- C:\Documents and Settings\user\autorun.inf
[2011/07/24 19:03:12 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CyberLink YouCam.lnk
[2011/07/24 16:37:17 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\user\cuecuf.scr
[2011/07/24 13:50:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/24 13:47:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/24 13:47:29 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 13:46:31 | 000,000,630 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/24 13:46:05 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 13:46:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/24 13:46:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/24 13:46:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/24 13:46:01 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/24 13:45:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/24 13:45:33 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/24 13:45:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/24 13:41:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/07 12:47:12 | 000,606,720 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 22:27:36 | 000,045,628 | ---- | C] () -- C:\WINDOWS\System32\userini.exe
[2011/07/31 15:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI
[2011/07/31 14:44:38 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4ldb7kiyd.exe
[2011/07/31 14:42:17 | 000,129,536 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\WMPRWISE.EXE
[2011/07/31 11:18:25 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/07/31 11:17:38 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/31 11:17:20 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/31 08:13:58 | 000,000,017 | ---- | C] () -- C:\WINDOWS\keys.ini249
[2011/07/31 08:13:58 | 000,000,017 | ---- | C] () -- C:\WINDOWS\keys.ini
[2011/07/31 01:04:30 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\mlog
[2011/07/30 23:14:29 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\user\Application Data\oi0a5uij.exe
[2011/07/30 23:07:34 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\user\Application Data\c4ib5fma.bat
[2011/07/30 23:07:34 | 000,000,103 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\MouseDriver.bat
[2011/07/30 22:55:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/29 15:40:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/29 15:40:22 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/07/26 15:21:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 14:52:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/26 09:58:07 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Celcom Broadband.lnk
[2011/07/26 09:15:09 | 000,146,036 | R--- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/07/26 08:44:40 | 000,187,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2011/07/25 01:39:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/07/25 01:05:41 | 000,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss
[2011/07/25 01:05:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/24 23:37:10 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\user\log
[2011/07/24 21:43:55 | 006,416,928 | ---- | C] () -- C:\WINDOWS\System\DriveIcon.dll
[2011/07/24 21:32:57 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/07/24 21:25:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/24 21:25:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/24 21:24:52 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/07/24 21:24:32 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/07/24 21:24:32 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/07/24 21:24:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/24 21:24:32 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/07/24 21:24:32 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/07/24 21:24:32 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/07/24 21:24:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/24 21:24:32 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/07/24 21:24:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/24 21:24:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/24 21:24:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/24 21:24:31 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/07/24 21:24:31 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/07/24 21:24:31 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/24 21:24:31 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/07/24 21:24:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/24 21:24:31 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/07/24 21:24:31 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/07/24 21:24:31 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/07/24 21:23:29 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2011/07/24 21:23:14 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 21:22:27 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/07/24 21:22:22 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/24 19:53:41 | 000,155,408 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2011/07/24 19:53:41 | 000,034,415 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2011/07/24 19:51:55 | 000,627,546 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2011/07/24 19:51:55 | 000,013,349 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2011/07/24 19:51:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2011/07/24 19:51:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2011/07/24 19:51:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2011/07/24 19:47:04 | 000,000,898 | ---- | C] () -- C:\WINDOWS\System32\nvsmu.nvu
[2011/07/24 19:46:02 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2011/07/24 19:43:14 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/07/24 19:41:54 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/24 19:32:49 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/07/24 19:32:49 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/07/24 19:30:58 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2011/07/24 19:30:58 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2011/07/24 19:30:58 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Video.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Pictures.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Passwords.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\New Folder.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Music.lnk
[2011/07/24 19:03:45 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\user\Documents.lnk
[2011/07/24 19:03:43 | 000,000,125 | RHS- | C] () -- C:\Documents and Settings\user\autorun.inf
[2011/07/24 16:39:08 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CyberLink YouCam.lnk
[2011/07/24 16:37:17 | 000,131,072 | RHS- | C] () -- C:\Documents and Settings\user\cuecuf.scr
[2011/07/24 16:33:05 | 000,182,179 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/24 16:33:02 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/07/24 16:31:36 | 001,654,784 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/24 16:31:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/07/24 16:31:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/07/24 16:31:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/07/24 16:31:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2011/07/24 16:31:29 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/07/24 16:31:27 | 001,363,968 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/07/24 16:31:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/07/24 16:31:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/07/24 13:50:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/24 13:50:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Outlook Express.lnk
[2011/07/24 13:49:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Remote Assistance.lnk
[2011/07/24 13:49:36 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk
[2011/07/24 13:47:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/24 13:46:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/24 13:46:05 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/24 13:46:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/24 13:46:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/24 13:46:05 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/24 13:45:54 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/24 13:45:54 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/24 13:45:52 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/24 13:45:33 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/24 13:44:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/24 13:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/24 13:39:14 | 002,359,352 | ---- | C] () -- C:\WINDOWS\StartOrb.bmp
[2011/07/24 13:37:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/07/24 13:37:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/07/24 13:37:10 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/07/24 13:37:04 | 000,062,694 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/07/24 13:36:57 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\msdtc.exe
[2009/06/15 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/06/15 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/15 20:00:00 | 000,409,344 | ---- | C] () -- C:\WINDOWS\System32\ubfdgcfz.dat
[2009/06/15 20:00:00 | 000,380,160 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/15 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/15 20:00:00 | 000,258,816 | ---- | C] () -- C:\WINDOWS\System32\tewnkuei.dat
[2009/06/15 20:00:00 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\dmadmin.exe
[2009/06/15 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/15 20:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\kijdtimd.dat
[2009/06/15 20:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\nzalcitc.dat
[2009/06/15 20:00:00 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\rsvp.exe
[2009/06/15 20:00:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\netdde.exe
[2009/06/15 20:00:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\SCardSvr.exe
[2009/06/15 20:00:00 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\locator.exe
[2009/06/15 20:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\tlntsvr.exe
[2009/06/15 20:00:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\ffke7y.exe
[2009/06/15 20:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\fvhriobl.dat
[2009/06/15 20:00:00 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\efqcxwxg.dat
[2009/06/15 20:00:00 | 000,052,932 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/15 20:00:00 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\clipsrv.exe
[2009/06/15 20:00:00 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\ntsd.exe
[2009/06/15 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/15 20:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\shmgrate.exe
[2009/06/15 20:00:00 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\yxtoaarn.dat
[2009/06/15 20:00:00 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\oguxnyyp.dat
[2009/06/15 20:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\mbqcfxoe.dat
[2009/06/15 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/15 20:00:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\ups.exe
[2009/06/15 20:00:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\control.exe
[2009/06/15 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/15 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/06/15 20:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\dllhost.exe
[2009/06/15 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/06/15 20:00:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/09/11 12:24:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/11 12:12:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/24 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2011/07/24 22:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/25 02:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/24 16:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/24 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ESET
[2011/07/25 02:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2011/07/26 10:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NJStar
[2011/07/31 14:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\updates
[2011/07/31 22:54:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/31 22:24:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/31 22:56:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 45628 bytes -> C:\WINDOWS\explorer.exe:userini.exe

< End of report >



Did you mean that I just proceed with the malware and combofix without waiting for your instruction for this fixing?
  • 0
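The report lines in the post above follow a fixed layout: `[timestamp | size | attributes | C or M] (company) -- path`, plus `@Alternate Data Stream` lines. The following Python is an added example, not part of the original post and not OTL's own code; it parses that layout and lists entries worth checking by hand. The flagging rules (hidden non-system executables, hidden GUID-named `.job` files, executable-named streams) are assumptions made for this example, not OTL's logic or the helper's verdict.

```python
import re

# Sample lines copied from the OTL report in this thread.
SAMPLE = r"""
[2011/07/24 16:31:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/15 20:00:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\ffke7y.exe
[2011/07/24 13:46:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/25 02:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/31 22:54:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
@Alternate Data Stream - 45628 bytes -> C:\WINDOWS\explorer.exe:userini.exe
"""

FILE_LINE = re.compile(r"^\[([\d/]+ [\d:]+) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
                       r"(?: \((.*?)\))? -- (.+)$")
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
EXECUTABLE = re.compile(r"\.(exe|dll|scr|com|bat|cmd)$", re.I)
GUID_JOB = re.compile(r"\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.I)

def parse_line(line):
    """Parse one OTL file/folder or ADS line into a dict; None for anything else."""
    m = ADS_LINE.match(line)
    if m:  # split "host:stream" at the last colon so the drive colon stays in host
        host, _, stream = m.group(2).rpartition(":")
        return {"kind": "ads", "path": host, "stream": stream, "size": int(m.group(1))}
    m = FILE_LINE.match(line)
    if not m:
        return None
    stamp, size, attrs, event, company, path = m.groups()
    return {"kind": "file", "path": path, "attrs": attrs, "event": event,
            "time": stamp, "company": company, "size": int(size.replace(",", ""))}

def triage(entry):
    """Reasons to review an entry by hand (heuristics assumed for this example)."""
    if entry["kind"] == "ads":
        return ["executable-named alternate data stream"] if EXECUTABLE.search(entry["stream"]) else []
    hidden = "H" in entry["attrs"] and "S" not in entry["attrs"]  # skip RHS system files
    checks = [(EXECUTABLE, "hidden executable"), (GUID_JOB, "hidden GUID-named scheduled task")]
    return [why for rx, why in checks if hidden and rx.search(entry["path"])]

def review(report):
    """Return (path, reasons) for every parsed line that triage() flags."""
    entries = filter(None, (parse_line(l.strip()) for l in report.splitlines()))
    return [(e["path"], triage(e)) for e in entries if triage(e)]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

A flagged line is only a prompt to look at the file; a hidden attribute or a GUID-style task name is not proof of infection on its own.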

#12
jennyllm

For your information,

1. Although I had plugged my broadband into my laptop, my laptop did not detect it & I can't connect it.

2. When I try to open Add/Remove Programs, which I right click on "My Computer", a rundll32.exe popup appears. It stated that "Windows cannot find 'rundll32.exe'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button, and then click Search."

3. I tried to double click Notepad and Device Manager, but they did not open up.

4. When I click Command Prompt, a message pops up which states that "Windows Command Processor has encountered a problem and needs to close. We are sorry for the inconvenience."

5. Malwarebytes' Anti-Malware ([OpenEvent] Failed to perform desired action. Error Code:2).

So, I'm unable to go on with the Malware and also the Combofix. Please advise on your next reply. Thanks very much for helping.

#13
RKinner


    Malware Expert

Can you right click on Start and select Explore? Does Explorer come up?



Can you boot into Safe Mode? (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode. Log in with your usual login.)

Right click on Start and select Explore.

Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button.

Now navigate to C:\Windows\System32

(Click on the Views button and change it to Details.) See if you can find rundll32.exe. If not, look in C:\Windows\System32\dllcache. If you find it there, copy it, then move to C:\Windows\system32 and paste it.

Also see if you can find notepad.exe; it should be in C:\Windows\



Try and delete these files:

C:\WINDOWS\system32\vnfuiwwn.dll

C:\Documents and Settings\user\Start Menu\Programs\Startup\70njo87.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\djozvv66m8.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\fl61nijo.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\hcdi8e1v7w.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\v03m69703.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\xsnojzavrrn.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\xxnou93a.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\yyoupql0.exe ()
C:\Documents and Settings\user\Start Menu\Programs\Startup\ze870rrhid.exe ()

C:\WINDOWS\tasks\At1.job

Then try OTL again.

Ron

#14
jennyllm

Yes, I can right click Explorer & I'd already made those tool settings. All done. I searched for rundll32.exe; the search result showed that the file is in C:\WINDOWS\Prefetch (files included there are RUNDLL32.EXE-2C703AED.pf, RUNDLL32.EXE-4ABAF25B.pf, RUNDLL32.EXE-14EC1EE8.pf, RUNDLL32.EXE-451FC2C0.pf, RUNDLL32.EXE-1586E753.pf, RUNDLL32.EXE-2855CE4C.pf, RUNDLL32.EXE-147710F4.pf & RUNDLL32.EXE-285569AC.pf).

I can't find rundll32.exe in C:\Windows\System32\dllcache.

Yes, I can find NOTEPAD.EXE in C:\WINDOWS. What to do next?

Cannot delete vnfuiwwn: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.

I'd set the folder options (under the Hidden files and folders section, selected the radio button labeled Show hidden files and folders), but when I want to open C:\Documents and Settings\User\Start Menu\Programs\Startup, there is nothing inside, & when I check the Show hidden files and folders setting again, it is back to "Do not show hidden files and folders" (no matter whether in normal or safe mode).

So none of the delete tasks could be performed.

Please advise what should I do next.

#15
jennyllm

Yes, Explorer does come up. Yes, I can boot in safe mode.

I had set the folder settings, but the Show hidden files and folders option always goes back to "Do not show hidden files and folders" even though I'd clicked Apply and OK. I'd repeated this action more than 5 times.

Can't find the rundll32.exe file in C:\Windows\System32\dllcache. 8 rundll32.exe files were found in C:\WINDOWS\Prefetch (files including RUNDLL32.EXE-147710F4.pf, RUNDLL32.EXE-14EC1EE8.pf, RUNDLL32.EXE-1586E753.pf, RUNDLL32.EXE-285569AC.pf, RUNDLL32.EXE-2855CE4C.pf, RUNDLL32.EXE-2C703AED.pf, RUNDLL32.EXE-451FC2C0.pf & RUNDLL32.EXE-4ABAF25B.pf).

Notepad.exe can be found in C:\Windows\. Please advise what to do.

vnfuiwwn.dll cannot be deleted: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.

No files found in C:\Documents and Settings\user\Start Menu\Programs\Startup\

Can't find this file C:\WINDOWS\tasks\At1.job

Please advise what to do next. Thanks.